1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
// Copyright (c) 2016 VMware, Inc. All Rights Reserved.
//
// This product is licensed to you under the Apache License, Version 2.0 (the "License").
// You may not use this product except in compliance with the License.
//
// This product may include a number of subcomponents with separate copyright notices and
// license terms. Your use of these subcomponents is subject to the terms and conditions
// of the subcomponent's license, as noted in the LICENSE file.
package photon
import (
"encoding/json"
"fmt"
"github.com/vmware/photon-controller-go-sdk/photon/lightwave"
)
// Contains functionality for auth API.
type AuthAPI struct {
client *Client
}
const authUrl string = "/auth"
// Gets authentication info.
func (api *AuthAPI) Get() (info *AuthInfo, err error) {
res, err := api.client.restClient.Get(api.client.Endpoint+authUrl, "")
if err != nil {
return
}
defer res.Body.Close()
res, err = getError(res)
if err != nil {
return
}
info = &AuthInfo{}
err = json.NewDecoder(res.Body).Decode(info)
return
}
// Gets Tokens from username/password.
func (api *AuthAPI) GetTokensByPassword(username string, password string) (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetTokenByPasswordGrant(username, password)
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
// Gets tokens from refresh token.
func (api *AuthAPI) GetTokensByRefreshToken(refreshtoken string) (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetTokenByRefreshTokenGrant(refreshtoken)
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
func (api *AuthAPI) getAuthEndpoint() (endpoint string, err error) {
authInfo, err := api.client.Auth.Get()
if err != nil {
return
}
if !authInfo.Enabled {
return "", SdkError{Message: "Authentication not enabled on this endpoint"}
}
if authInfo.Port == 0 {
authInfo.Port = 443
}
return fmt.Sprintf("https://%s:%d", authInfo.Endpoint, authInfo.Port), nil
}
func (api *AuthAPI) buildOIDCClient() (client *lightwave.OIDCClient, err error) {
authEndPoint, err := api.getAuthEndpoint()
if err != nil {
return
}
return lightwave.NewOIDCClient(
authEndPoint,
api.buildOIDCClientOptions(&api.client.options),
api.client.restClient.logger), nil
}
const tokenScope string = "openid offline_access rs_esxcloud at_groups"
func (api *AuthAPI) buildOIDCClientOptions(options *ClientOptions) *lightwave.OIDCClientOptions {
return &lightwave.OIDCClientOptions{
IgnoreCertificate: api.client.options.IgnoreCertificate,
RootCAs: api.client.options.RootCAs,
TokenScope: tokenScope,
}
}
func (api *AuthAPI) toTokenOptions(response *lightwave.OIDCTokenResponse) *TokenOptions {
return &TokenOptions{
AccessToken: response.AccessToken,
ExpiresIn: response.ExpiresIn,
RefreshToken: response.RefreshToken,
IdToken: response.IdToken,
TokenType: response.TokenType,
}
}
// Parse the given token details.
func (api *AuthAPI) parseTokenDetails(token string) (jwtToken *lightwave.JWTToken, err error) {
jwtToken = lightwave.ParseTokenDetails(token)
return jwtToken, nil
}
// Parse the given token raw details.
func (api *AuthAPI) parseRawTokenDetails(token string) (jwtToken []string, err error) {
jwtToken, err = lightwave.ParseRawTokenDetails(token)
return jwtToken, err
}
|
