File: auth.go

package info (click to toggle)
golang-github-vmware-photon-controller-go-sdk 0.0~PROMOTED-738%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 556 kB
  • sloc: sh: 33; makefile: 4
file content (138 lines) | stat: -rw-r--r-- 3,972 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
// Copyright (c) 2016 VMware, Inc. All Rights Reserved.
//
// This product is licensed to you under the Apache License, Version 2.0 (the "License").
// You may not use this product except in compliance with the License.
//
// This product may include a number of subcomponents with separate copyright notices and
// license terms. Your use of these subcomponents is subject to the terms and conditions
// of the subcomponent's license, as noted in the LICENSE file.

package photon

import (
	"fmt"
	"github.com/vmware/photon-controller-go-sdk/photon/lightwave"
)

// Contains functionality for auth API.
type AuthAPI struct {
	client *Client
}

// Gets Tokens from username/password.
func (api *AuthAPI) GetTokensByPassword(username string, password string) (tokenOptions *TokenOptions, err error) {
	oidcClient, err := api.buildOIDCClient()
	if err != nil {
		return
	}

	tokenResponse, err := oidcClient.GetTokenByPasswordGrant(username, password)
	if err != nil {
		return
	}

	return api.toTokenOptions(tokenResponse), nil
}

// Gets tokens for client from username, password and a client ID.
func (api *AuthAPI) GetClientTokensByPassword(username string, password string, clientID string) (tokenOptions *TokenOptions, err error) {
	oidcClient, err := api.buildOIDCClient()
	if err != nil {
		return
	}

	tokenResponse, err := oidcClient.GetClientTokenByPasswordGrant(username, password, clientID)
	if err != nil {
		return
	}

	return api.toTokenOptions(tokenResponse), nil
}

// GetTokensFromWindowsLogInContext gets tokens based on Windows logged in context
// In case of running on platform other than Windows, it returns error
func (api *AuthAPI) GetTokensFromWindowsLogInContext() (tokenOptions *TokenOptions, err error) {
	oidcClient, err := api.buildOIDCClient()
	if err != nil {
		return
	}

	tokenResponse, err := oidcClient.GetTokensFromWindowsLogInContext()
	if err != nil {
		return
	}

	return api.toTokenOptions(tokenResponse), nil
}

// Gets tokens from refresh token.
func (api *AuthAPI) GetTokensByRefreshToken(refreshtoken string) (tokenOptions *TokenOptions, err error) {
	oidcClient, err := api.buildOIDCClient()
	if err != nil {
		return
	}

	tokenResponse, err := oidcClient.GetTokenByRefreshTokenGrant(refreshtoken)
	if err != nil {
		return
	}

	return api.toTokenOptions(tokenResponse), nil
}

func (api *AuthAPI) getAuthEndpoint() (endpoint string, err error) {
	authInfo, err := api.client.System.GetAuthInfo()
	if err != nil {
		return
	}

	if authInfo.Port == 0 {
		authInfo.Port = 443
	}

	return fmt.Sprintf("https://%s:%d", authInfo.Endpoint, authInfo.Port), nil
}

func (api *AuthAPI) buildOIDCClient() (client *lightwave.OIDCClient, err error) {
	authEndPoint, err := api.getAuthEndpoint()
	if err != nil {
		return
	}

	return lightwave.NewOIDCClient(
		authEndPoint,
		api.buildOIDCClientOptions(&api.client.options),
		api.client.restClient.logger), nil
}

const tokenScope string = "openid offline_access rs_photon_platform at_groups"

func (api *AuthAPI) buildOIDCClientOptions(options *ClientOptions) *lightwave.OIDCClientOptions {
	return &lightwave.OIDCClientOptions{
		IgnoreCertificate: api.client.options.IgnoreCertificate,
		RootCAs:           api.client.options.RootCAs,
		TokenScope:        tokenScope,
	}
}

func (api *AuthAPI) toTokenOptions(response *lightwave.OIDCTokenResponse) *TokenOptions {
	return &TokenOptions{
		AccessToken:  response.AccessToken,
		ExpiresIn:    response.ExpiresIn,
		RefreshToken: response.RefreshToken,
		IdToken:      response.IdToken,
		TokenType:    response.TokenType,
	}
}

// Parse the given token details.
func (api *AuthAPI) parseTokenDetails(token string) (jwtToken *lightwave.JWTToken, err error) {
	jwtToken = lightwave.ParseTokenDetails(token)
	return jwtToken, nil
}

// Parse the given token raw details.
func (api *AuthAPI) parseRawTokenDetails(token string) (jwtToken []string, err error) {
	jwtToken, err = lightwave.ParseRawTokenDetails(token)
	return jwtToken, err
}