1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138
|
// Copyright (c) 2016 VMware, Inc. All Rights Reserved.
//
// This product is licensed to you under the Apache License, Version 2.0 (the "License").
// You may not use this product except in compliance with the License.
//
// This product may include a number of subcomponents with separate copyright notices and
// license terms. Your use of these subcomponents is subject to the terms and conditions
// of the subcomponent's license, as noted in the LICENSE file.
package photon
import (
"fmt"
"github.com/vmware/photon-controller-go-sdk/photon/lightwave"
)
// Contains functionality for auth API.
type AuthAPI struct {
client *Client
}
// Gets Tokens from username/password.
func (api *AuthAPI) GetTokensByPassword(username string, password string) (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetTokenByPasswordGrant(username, password)
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
// Gets tokens for client from username, password and a client ID.
func (api *AuthAPI) GetClientTokensByPassword(username string, password string, clientID string) (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetClientTokenByPasswordGrant(username, password, clientID)
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
// GetTokensFromWindowsLogInContext gets tokens based on Windows logged in context
// In case of running on platform other than Windows, it returns error
func (api *AuthAPI) GetTokensFromWindowsLogInContext() (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetTokensFromWindowsLogInContext()
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
// Gets tokens from refresh token.
func (api *AuthAPI) GetTokensByRefreshToken(refreshtoken string) (tokenOptions *TokenOptions, err error) {
oidcClient, err := api.buildOIDCClient()
if err != nil {
return
}
tokenResponse, err := oidcClient.GetTokenByRefreshTokenGrant(refreshtoken)
if err != nil {
return
}
return api.toTokenOptions(tokenResponse), nil
}
func (api *AuthAPI) getAuthEndpoint() (endpoint string, err error) {
authInfo, err := api.client.System.GetAuthInfo()
if err != nil {
return
}
if authInfo.Port == 0 {
authInfo.Port = 443
}
return fmt.Sprintf("https://%s:%d", authInfo.Endpoint, authInfo.Port), nil
}
func (api *AuthAPI) buildOIDCClient() (client *lightwave.OIDCClient, err error) {
authEndPoint, err := api.getAuthEndpoint()
if err != nil {
return
}
return lightwave.NewOIDCClient(
authEndPoint,
api.buildOIDCClientOptions(&api.client.options),
api.client.restClient.logger), nil
}
const tokenScope string = "openid offline_access rs_photon_platform at_groups"
func (api *AuthAPI) buildOIDCClientOptions(options *ClientOptions) *lightwave.OIDCClientOptions {
return &lightwave.OIDCClientOptions{
IgnoreCertificate: api.client.options.IgnoreCertificate,
RootCAs: api.client.options.RootCAs,
TokenScope: tokenScope,
}
}
func (api *AuthAPI) toTokenOptions(response *lightwave.OIDCTokenResponse) *TokenOptions {
return &TokenOptions{
AccessToken: response.AccessToken,
ExpiresIn: response.ExpiresIn,
RefreshToken: response.RefreshToken,
IdToken: response.IdToken,
TokenType: response.TokenType,
}
}
// Parse the given token details.
func (api *AuthAPI) parseTokenDetails(token string) (jwtToken *lightwave.JWTToken, err error) {
jwtToken = lightwave.ParseTokenDetails(token)
return jwtToken, nil
}
// Parse the given token raw details.
func (api *AuthAPI) parseRawTokenDetails(token string) (jwtToken []string, err error) {
jwtToken, err = lightwave.ParseRawTokenDetails(token)
return jwtToken, err
}
|