golang/mikael/madonctl: comparison vendor/golang.org/x/oauth2/oauth2.go

equal deleted inserted replaced

-:c040f992052f
+:1c52a0eeb952
 // It can additionally grant authorization with Bearer JWT.
 package oauth2 // import "golang.org/x/oauth2"
 import (
 	"bytes"
+	"context"
 	"errors"
 	"net/http"
 	"net/url"
 	"strings"
 	"sync"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2/internal"
 )
 // NoContext is the default context you should supply if not using
 // your own context.Context (see https://golang.org/x/net/context).
 //
 // Deprecated: Use context.Background() or context.TODO() instead.
 var NoContext = context.TODO()
-// RegisterBrokenAuthHeaderProvider registers an OAuth2 server
+// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op.
-// identified by the tokenURL prefix as an OAuth2 implementation
+//
-// which doesn't support the HTTP Basic authentication
+// Deprecated: this function no longer does anything. Caller code that
-// scheme to authenticate with the authorization server.
+// wants to avoid potential extra HTTP requests made during
-// Once a server is registered, credentials (client_id and client_secret)
+// auto-probing of the provider's auth style should set
-// will be passed as query parameters rather than being present
+// Endpoint.AuthStyle.
-// in the Authorization header.
+func RegisterBrokenAuthHeaderProvider(tokenURL string) {}
-// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
-func RegisterBrokenAuthHeaderProvider(tokenURL string) {
-	internal.RegisterBrokenAuthHeaderProvider(tokenURL)
-}
 // Config describes a typical 3-legged OAuth2 flow, with both the
 // client application information and the server's endpoint URLs.
 // For the client credentials 2-legged OAuth2 flow, see the clientcredentials
 // package (https://golang.org/x/oauth2/clientcredentials).
 	// Token must be safe for concurrent use by multiple goroutines.
 	// The returned Token must not be modified.
 	Token() (*Token, error)
 }
-// Endpoint contains the OAuth 2.0 provider's authorization and token
+// Endpoint represents an OAuth 2.0 provider's authorization and token
 // endpoint URLs.
 type Endpoint struct {
 	AuthURL  string
 	TokenURL string
-}
+	// AuthStyle optionally specifies how the endpoint wants the
+	// client ID & client secret sent. The zero value means to
+	// auto-detect.
+	AuthStyle AuthStyle
+}
+// AuthStyle represents how requests for tokens are authenticated
+// to the server.
+type AuthStyle int
+const (
+	// AuthStyleAutoDetect means to auto-detect which authentication
+	// style the provider wants by trying both ways and caching
+	// the successful way for the future.
+	AuthStyleAutoDetect AuthStyle = 0
+	// AuthStyleInParams sends the "client_id" and "client_secret"
+	// in the POST body as application/x-www-form-urlencoded parameters.
+	AuthStyleInParams AuthStyle = 1
+	// AuthStyleInHeader sends the client_id and client_password
+	// using HTTP Basic Authorization. This is an optional style
+	// described in the OAuth2 RFC 6749 section 2.3.1.
+	AuthStyleInHeader AuthStyle = 2
+)
 var (
 	// AccessTypeOnline and AccessTypeOffline are options passed
 	// to the Options.AuthCodeURL method. They modify the
 	// "access_type" field that gets sent in the URL returned by
 	AccessTypeOffline AuthCodeOption = SetAuthURLParam("access_type", "offline")
 	// ApprovalForce forces the users to view the consent dialog
 	// and confirm the permissions request at the URL returned
 	// from AuthCodeURL, even if they've already done so.
-	ApprovalForce AuthCodeOption = SetAuthURLParam("approval_prompt", "force")
+	ApprovalForce AuthCodeOption = SetAuthURLParam("prompt", "consent")
 )
 // An AuthCodeOption is passed to Config.AuthCodeURL.
 type AuthCodeOption interface {
 	setValue(url.Values)
 // the state query parameter on your redirect callback.
 // See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
-// It can also be used to pass the PKCE challange.
+// It can also be used to pass the PKCE challenge.
 // See https://www.oauth.com/oauth2-servers/pkce/ for more info.
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
 	v := url.Values{
 // degree of trust between the resource owner and the client (e.g., the client
 // is part of the device operating system or a highly privileged application),
 // and when other authorization grant types are not available."
 // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info.
 //
-// The HTTP client to use is derived from the context.
+// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
-// If nil, http.DefaultClient is used.
 func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"password"},
 		"username":   {username},
 		"password":   {password},
 // Exchange converts an authorization code into a token.
 //
 // It is used after a resource provider redirects the user back
 // to the Redirect URI (the URL obtained from AuthCodeURL).
 //
-// The HTTP client to use is derived from the context.
+// The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
-// If a client is not provided via the context, http.DefaultClient is used.
 //
 // The code will be in the *http.Request.FormValue("code"). Before
 // calling Exchange, be sure to validate FormValue("state").
 //
 // Opts may include the PKCE verifier code if previously used in AuthCodeURL.

changeset 251	1c52a0eeb952
parent 242	2a9ec03fe5a1