• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2014 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package google
6
7import (
8	"sort"
9	"strings"
10	"sync"
11	"time"
12
13	"golang.org/x/net/context"
14	"golang.org/x/oauth2"
15)
16
17// appengineFlex is set at init time by appengineflex_hook.go. If true, we are on App Engine Flex.
18var appengineFlex bool
19
20// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
21var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error)
22
23// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
24var appengineAppIDFunc func(c context.Context) string
25
26// AppEngineTokenSource returns a token source that fetches tokens
27// issued to the current App Engine application's service account.
28// If you are implementing a 3-legged OAuth 2.0 flow on App Engine
29// that involves user accounts, see oauth2.Config instead.
30//
31// The provided context must have come from appengine.NewContext.
32func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
33	if appengineTokenFunc == nil {
34		panic("google: AppEngineTokenSource can only be used on App Engine.")
35	}
36	scopes := append([]string{}, scope...)
37	sort.Strings(scopes)
38	return &appEngineTokenSource{
39		ctx:    ctx,
40		scopes: scopes,
41		key:    strings.Join(scopes, " "),
42	}
43}
44
45// aeTokens helps the fetched tokens to be reused until their expiration.
46var (
47	aeTokensMu sync.Mutex
48	aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes
49)
50
51type tokenLock struct {
52	mu sync.Mutex // guards t; held while fetching or updating t
53	t  *oauth2.Token
54}
55
56type appEngineTokenSource struct {
57	ctx    context.Context
58	scopes []string
59	key    string // to aeTokens map; space-separated scopes
60}
61
62func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) {
63	if appengineTokenFunc == nil {
64		panic("google: AppEngineTokenSource can only be used on App Engine.")
65	}
66
67	aeTokensMu.Lock()
68	tok, ok := aeTokens[ts.key]
69	if !ok {
70		tok = &tokenLock{}
71		aeTokens[ts.key] = tok
72	}
73	aeTokensMu.Unlock()
74
75	tok.mu.Lock()
76	defer tok.mu.Unlock()
77	if tok.t.Valid() {
78		return tok.t, nil
79	}
80	access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
81	if err != nil {
82		return nil, err
83	}
84	tok.t = &oauth2.Token{
85		AccessToken: access,
86		Expiry:      exp,
87	}
88	return tok.t, nil
89}
90