1// Copyright 2014 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package google 6 7import ( 8 "sort" 9 "strings" 10 "sync" 11 "time" 12 13 "golang.org/x/net/context" 14 "golang.org/x/oauth2" 15) 16 17// appengineFlex is set at init time by appengineflex_hook.go. If true, we are on App Engine Flex. 18var appengineFlex bool 19 20// Set at init time by appengine_hook.go. If nil, we're not on App Engine. 21var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error) 22 23// Set at init time by appengine_hook.go. If nil, we're not on App Engine. 24var appengineAppIDFunc func(c context.Context) string 25 26// AppEngineTokenSource returns a token source that fetches tokens 27// issued to the current App Engine application's service account. 28// If you are implementing a 3-legged OAuth 2.0 flow on App Engine 29// that involves user accounts, see oauth2.Config instead. 30// 31// The provided context must have come from appengine.NewContext. 32func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource { 33 if appengineTokenFunc == nil { 34 panic("google: AppEngineTokenSource can only be used on App Engine.") 35 } 36 scopes := append([]string{}, scope...) 37 sort.Strings(scopes) 38 return &appEngineTokenSource{ 39 ctx: ctx, 40 scopes: scopes, 41 key: strings.Join(scopes, " "), 42 } 43} 44 45// aeTokens helps the fetched tokens to be reused until their expiration. 46var ( 47 aeTokensMu sync.Mutex 48 aeTokens = make(map[string]*tokenLock) // key is space-separated scopes 49) 50 51type tokenLock struct { 52 mu sync.Mutex // guards t; held while fetching or updating t 53 t *oauth2.Token 54} 55 56type appEngineTokenSource struct { 57 ctx context.Context 58 scopes []string 59 key string // to aeTokens map; space-separated scopes 60} 61 62func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) { 63 if appengineTokenFunc == nil { 64 panic("google: AppEngineTokenSource can only be used on App Engine.") 65 } 66 67 aeTokensMu.Lock() 68 tok, ok := aeTokens[ts.key] 69 if !ok { 70 tok = &tokenLock{} 71 aeTokens[ts.key] = tok 72 } 73 aeTokensMu.Unlock() 74 75 tok.mu.Lock() 76 defer tok.mu.Unlock() 77 if tok.t.Valid() { 78 return tok.t, nil 79 } 80 access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...) 81 if err != nil { 82 return nil, err 83 } 84 tok.t = &oauth2.Token{ 85 AccessToken: access, 86 Expiry: exp, 87 } 88 return tok.t, nil 89} 90