GRPC Core  9.0.0
oauth2_credentials.h
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H
21 
23 
24 #include <grpc/grpc_security.h>
25 #include "src/core/lib/json/json.h"
28 
29 // Constants.
// printf-style template for the minimal form-encoded body of an OAuth 2.0
// token-exchange POST. It takes exactly two %s arguments, in this order:
// the subject_token value, then the subject_token_type value.
// The formatter inserts both values verbatim. A value containing '&', '=',
// '%' or '+' would change the parameter list, so values must be
// percent-encoded before formatting.
// NOTE(review): this header does not show the call site; confirm that it
// encodes both values. The formatted body carries the subject token, which is
// a credential, so it should not be written to logs.
30 #define GRPC_STS_POST_MINIMAL_BODY_FORMAT_STRING \
31  "grant_type=urn:ietf:params:oauth:grant-type:token-exchange&subject_token=%" \
32  "s&subject_token_type=%s"
33 
34 // auth_refresh_token parsing.
35 typedef struct {
36  const char* type;
37  char* client_id;
41 
44  const grpc_auth_refresh_token* refresh_token);
45 
49  const char* json_string);
50 
54  const grpc_json* json);
55 
58 
59 // -- Oauth2 Token Fetcher credentials --
60 //
61 // This object is a base for credentials that need to acquire an oauth2 token
62 // from an http service.
63 
69 };
70 
72  public:
75 
79  grpc_closure* on_request_metadata,
80  grpc_error** error) override;
81 
83  grpc_error* error) override;
84 
86  grpc_error* error);
87 
88  protected:
90  grpc_httpcli_context* httpcli_context,
92  grpc_millis deadline) = 0;
93 
94  private:
95  gpr_mu mu_;
96  grpc_mdelem access_token_md_ = GRPC_MDNULL;
97  gpr_timespec token_expiration_;
98  bool token_fetch_pending_ = false;
99  grpc_oauth2_pending_get_request_metadata* pending_requests_ = nullptr;
100  grpc_httpcli_context httpcli_context_;
101  grpc_polling_entity pollent_;
102 };
103 
104 // Google refresh token credentials.
107  public:
110 
112  return refresh_token_;
113  }
114 
115  protected:
117  grpc_httpcli_context* httpcli_context,
119  grpc_millis deadline) override;
120 
121  private:
122  grpc_auth_refresh_token refresh_token_;
123  grpc_closure http_post_cb_closure_;
124 };
125 
126 // Access token credentials.
128  public:
129  grpc_access_token_credentials(const char* access_token);
131 
135  grpc_closure* on_request_metadata,
136  grpc_error** error) override;
137 
139  grpc_error* error) override;
140 
141  private:
142  grpc_mdelem access_token_md_;
143 };
144 
145 // Private constructor for refresh token credentials from an already parsed
146 // refresh token. Takes ownership of the refresh token.
150 
151 // Exposed for testing only.
154  const struct grpc_http_response* response, grpc_mdelem* token_md,
155  grpc_millis* token_lifetime);
156 
157 namespace grpc_core {
158 // Exposed for testing only. This function validates the options, ensuring that
159 // the required fields are set, and outputs the parsed URL of the STS token
160 // exchange service.
162  const grpc_sts_credentials_options* options, grpc_uri** sts_url);
163 } // namespace grpc_core
164 
165 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H */
Definition: oauth2_credentials.h:127
~grpc_access_token_credentials() override
Definition: oauth2_credentials.cc:702
void cancel_get_request_metadata(grpc_credentials_mdelem_array *md_array, grpc_error *error) override
Definition: oauth2_credentials.cc:714
grpc_access_token_credentials(const char *access_token)
Definition: oauth2_credentials.cc:719
bool get_request_metadata(grpc_polling_entity *pollent, grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, grpc_error **error) override
Definition: oauth2_credentials.cc:706
Definition: oauth2_credentials.h:106
void fetch_oauth2(grpc_credentials_metadata_request *req, grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, grpc_iomgr_cb_func cb, grpc_millis deadline) override
Definition: oauth2_credentials.cc:421
~grpc_google_refresh_token_credentials() override
Definition: oauth2_credentials.cc:417
const grpc_auth_refresh_token & refresh_token() const
Definition: oauth2_credentials.h:111
grpc_google_refresh_token_credentials(grpc_auth_refresh_token refresh_token)
Definition: oauth2_credentials.cc:453
Definition: oauth2_credentials.h:71
virtual void fetch_oauth2(grpc_credentials_metadata_request *req, grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, grpc_iomgr_cb_func cb, grpc_millis deadline)=0
void cancel_get_request_metadata(grpc_credentials_mdelem_array *md_array, grpc_error *error) override
Definition: oauth2_credentials.cc:322
grpc_oauth2_token_fetcher_credentials()
Definition: oauth2_credentials.cc:349
~grpc_oauth2_token_fetcher_credentials() override
Definition: oauth2_credentials.cc:122
bool get_request_metadata(grpc_polling_entity *pollent, grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, grpc_error **error) override
Definition: oauth2_credentials.cc:272
void on_http_response(grpc_credentials_metadata_request *r, grpc_error *error)
Definition: oauth2_credentials.cc:228
void(* grpc_iomgr_cb_func)(void *arg, grpc_error *error)
gRPC Callback definition.
Definition: closure.h:53
grpc_credentials_status
Definition: credentials.h:41
int64_t grpc_millis
Definition: exec_ctx.h:35
#define GRPC_MDNULL
Definition: metadata.h:403
Round Robin Policy.
Definition: backend_metric.cc:24
grpc_error * ValidateStsCredentialsOptions(const grpc_sts_credentials_options *options, grpc_uri **sts_url_out)
Definition: oauth2_credentials.cc:639
void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token)
Destructs the object.
Definition: oauth2_credentials.cc:100
grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(const grpc_json *json)
Creates a refresh token object from parsed json.
Definition: oauth2_credentials.cc:53
grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response(const struct grpc_http_response *response, grpc_mdelem *token_md, grpc_millis *token_lifetime)
int grpc_auth_refresh_token_is_valid(const grpc_auth_refresh_token *refresh_token)
Returns 1 if the object is valid, 0 otherwise.
Definition: oauth2_credentials.cc:47
grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(const char *json_string)
Creates a refresh token object from string.
Definition: oauth2_credentials.cc:89
grpc_core::RefCountedPtr< grpc_call_credentials > grpc_refresh_token_credentials_create_from_auth_refresh_token(grpc_auth_refresh_token token)
Definition: oauth2_credentials.cc:458
Definition: sync_windows.h:26
Analogous to struct timespec.
Definition: gpr_types.h:47
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: grpc_security.h:373
Definition: oauth2_credentials.h:35
char * refresh_token
Definition: oauth2_credentials.h:39
char * client_id
Definition: oauth2_credentials.h:37
const char * type
Definition: oauth2_credentials.h:36
char * client_secret
Definition: oauth2_credentials.h:38
Definition: credentials.h:226
A closure over a grpc_iomgr_cb_func.
Definition: closure.h:56
Definition: credentials.h:205
Definition: credentials.h:302
Definition: error_internal.h:39
Definition: parser.h:71
Definition: httpcli.h:40
Definition: json.h:32
Definition: metadata.h:98
Definition: oauth2_credentials.h:64
grpc_closure * on_request_metadata
Definition: oauth2_credentials.h:66
grpc_credentials_mdelem_array * md_array
Definition: oauth2_credentials.h:65
struct grpc_oauth2_pending_get_request_metadata * next
Definition: oauth2_credentials.h:68
grpc_polling_entity * pollent
Definition: oauth2_credentials.h:67
Definition: polling_entity.h:37
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:337
Definition: uri_parser.h:26