aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--include/grpc++/credentials.h6
-rw-r--r--include/grpc/grpc_security.h9
-rw-r--r--src/core/security/credentials.c53
-rw-r--r--src/cpp/client/secure_credentials.cc7
-rw-r--r--test/core/security/credentials_test.c22
5 files changed, 95 insertions, 2 deletions
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h
index 7a40cd199d..0eaaefcbca 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/credentials.h
@@ -120,6 +120,12 @@ std::shared_ptr<Credentials> JWTCredentials(const grpc::string& json_key,
std::shared_ptr<Credentials> RefreshTokenCredentials(
const grpc::string& json_refresh_token);
+// Builds access token credentials.
+// access_token is an oauth2 access token that was fetched using an out of band
+// mechanism.
+std::shared_ptr<Credentials> AccessTokenCredentials(
+ const grpc::string& access_token);
+
// Builds IAM credentials.
std::shared_ptr<Credentials> IAMCredentials(
const grpc::string& authorization_token,
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 7a6aa66670..1f91e65278 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -126,13 +126,18 @@ grpc_credentials *grpc_jwt_credentials_create(const char *json_key,
grpc_credentials *grpc_refresh_token_credentials_create(
const char *json_refresh_token);
-/* Creates a fake transport security credentials object for testing. */
-grpc_credentials *grpc_fake_transport_security_credentials_create(void);
+/* Creates an Oauth2 Access Token credentials with an access token that was
+ aquired by an out of band mechanism. */
+grpc_credentials *grpc_access_token_credentials_create(
+ const char *access_token);
/* Creates an IAM credentials object. */
grpc_credentials *grpc_iam_credentials_create(const char *authorization_token,
const char *authority_selector);
+/* Creates a fake transport security credentials object for testing. */
+grpc_credentials *grpc_fake_transport_security_credentials_create(void);
+
/* --- Secure channel creation. --- */
/* The caller of the secure_channel_create functions may override the target
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index acea676670..8d694c2f79 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -875,6 +875,59 @@ grpc_credentials *grpc_fake_oauth2_credentials_create(
return &c->base;
}
+/* -- Oauth2 Access Token credentials. -- */
+
+typedef struct {
+ grpc_credentials base;
+ grpc_credentials_md_store *access_token_md;
+} grpc_access_token_credentials;
+
+static void access_token_destroy(grpc_credentials *creds) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ grpc_credentials_md_store_unref(c->access_token_md);
+ gpr_free(c);
+}
+
+static int access_token_has_request_metadata(const grpc_credentials *creds) {
+ return 1;
+}
+
+static int access_token_has_request_metadata_only(
+ const grpc_credentials *creds) {
+ return 1;
+}
+
+static void access_token_get_request_metadata(grpc_credentials *creds,
+ grpc_pollset *pollset,
+ const char *service_url,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ cb(user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
+}
+
+static grpc_credentials_vtable access_token_vtable = {
+ access_token_destroy, access_token_has_request_metadata,
+ access_token_has_request_metadata_only, access_token_get_request_metadata,
+ NULL};
+
+grpc_credentials *grpc_access_token_credentials_create(
+ const char *access_token) {
+ grpc_access_token_credentials *c =
+ gpr_malloc(sizeof(grpc_access_token_credentials));
+ char *token_md_value;
+ memset(c, 0, sizeof(grpc_access_token_credentials));
+ c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
+ c->base.vtable = &access_token_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->access_token_md = grpc_credentials_md_store_create(1);
+ gpr_asprintf(&token_md_value, "Bearer %s", access_token);
+ grpc_credentials_md_store_add_cstrings(
+ c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value);
+ gpr_free(token_md_value);
+ return &c->base;
+}
+
/* -- Fake transport security credentials. -- */
static void fake_transport_security_credentials_destroy(
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index b5134b3140..4d200908fb 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -117,6 +117,13 @@ std::shared_ptr<Credentials> RefreshTokenCredentials(
grpc_refresh_token_credentials_create(json_refresh_token.c_str()));
}
+// Builds access token credentials.
+std::shared_ptr<Credentials> AccessTokenCredentials(
+ const grpc::string& access_token) {
+ return WrapCredentials(
+ grpc_access_token_credentials_create(access_token.c_str()));
+}
+
// Builds IAM credentials.
std::shared_ptr<Credentials> IAMCredentials(
const grpc::string& authorization_token,
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 4253be6b07..e8bb730849 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -331,6 +331,27 @@ static void test_iam_creds(void) {
check_iam_metadata, creds);
}
+static void check_access_token_metadata(void *user_data,
+ grpc_credentials_md *md_elems,
+ size_t num_md,
+ grpc_credentials_status status) {
+ grpc_credentials *c = (grpc_credentials *)user_data;
+ expected_md emd[] = {{GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"}};
+ GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
+ GPR_ASSERT(num_md == 1);
+ check_metadata(emd, md_elems, num_md);
+ grpc_credentials_unref(c);
+}
+
+static void test_access_token_creds(void) {
+ grpc_credentials *creds = grpc_access_token_credentials_create("blah");
+ GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
+ GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
+ GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
+ grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
+ check_access_token_metadata, creds);
+}
+
static void check_ssl_oauth2_composite_metadata(
void *user_data, grpc_credentials_md *md_elems, size_t num_md,
grpc_credentials_status status) {
@@ -863,6 +884,7 @@ int main(int argc, char **argv) {
test_oauth2_token_fetcher_creds_parsing_missing_token_type();
test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime();
test_iam_creds();
+ test_access_token_creds();
test_ssl_oauth2_composite_creds();
test_ssl_oauth2_iam_composite_creds();
test_compute_engine_creds_success();