-rw-r--r-- | include/grpc++/credentials.h | 6 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 9 | ||||
-rw-r--r-- | src/core/security/credentials.c | 53 | ||||
-rw-r--r-- | src/cpp/client/secure_credentials.cc | 7 | ||||
-rw-r--r-- | test/core/security/credentials_test.c | 22 |
5 files changed, 95 insertions, 2 deletions
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h index 7a40cd199d..0eaaefcbca 100644 --- a/include/grpc++/credentials.h +++ b/include/grpc++/credentials.h @@ -120,6 +120,12 @@ std::shared_ptr<Credentials> JWTCredentials(const grpc::string& json_key, std::shared_ptr<Credentials> RefreshTokenCredentials( const grpc::string& json_refresh_token); +// Builds access token credentials. +// access_token is an oauth2 access token that was fetched using an out of band +// mechanism. +std::shared_ptr<Credentials> AccessTokenCredentials( + const grpc::string& access_token); + // Builds IAM credentials. std::shared_ptr<Credentials> IAMCredentials( const grpc::string& authorization_token, diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 7a6aa66670..1f91e65278 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -126,13 +126,18 @@ grpc_credentials *grpc_jwt_credentials_create(const char *json_key, grpc_credentials *grpc_refresh_token_credentials_create( const char *json_refresh_token); -/* Creates a fake transport security credentials object for testing. */ -grpc_credentials *grpc_fake_transport_security_credentials_create(void); +/* Creates an Oauth2 Access Token credentials with an access token that was + aquired by an out of band mechanism. */ +grpc_credentials *grpc_access_token_credentials_create( + const char *access_token); /* Creates an IAM credentials object. */ grpc_credentials *grpc_iam_credentials_create(const char *authorization_token, const char *authority_selector); +/* Creates a fake transport security credentials object for testing. */ +grpc_credentials *grpc_fake_transport_security_credentials_create(void); + /* --- Secure channel creation. --- */ /* The caller of the secure_channel_create functions may override the target diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index acea676670..8d694c2f79 100644 --- a/src/core/security/credentials.c 
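Review bot: The comment on `AccessTokenCredentials` does not tell callers how the token is used once handed over. As far as the implementation in src/core/security/credentials.c shows, the token is attached unchanged to every call as a bearer value and is never refreshed or checked for expiry. I would extend the comment with something like `// The token is sent as-is in the authorization metadata of every call and is never refreshed; create new credentials when it expires, and only use these on a secure channel.` The declaration is complete within the hunk.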
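Review bot: The new comment on `grpc_access_token_credentials_create` misspells "acquired" as `aquired` and leaves the argument contract unstated. The implementation in this commit only reads `access_token` while formatting the header value, so the comment can state that the caller keeps ownership of the string and that it must be a non-NULL, NUL-terminated token. One possible wording is `access_token must not be NULL; the string is copied and remains owned by the caller.`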
+++ b/src/core/security/credentials.c 
@@ -875,6 +875,59 @@ grpc_credentials *grpc_fake_oauth2_credentials_create( return &c->base; } +/* -- Oauth2 Access Token credentials. -- */ + +typedef struct { + grpc_credentials base; + grpc_credentials_md_store *access_token_md; +} grpc_access_token_credentials; + +static void access_token_destroy(grpc_credentials *creds) { + grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + grpc_credentials_md_store_unref(c->access_token_md); + gpr_free(c); +} + +static int access_token_has_request_metadata(const grpc_credentials *creds) { + return 1; +} + +static int access_token_has_request_metadata_only( + const grpc_credentials *creds) { + return 1; +} + +static void access_token_get_request_metadata(grpc_credentials *creds, + grpc_pollset *pollset, + const char *service_url, + grpc_credentials_metadata_cb cb, + void *user_data) { + grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + cb(user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK); +} + +static grpc_credentials_vtable access_token_vtable = { + access_token_destroy, access_token_has_request_metadata, + access_token_has_request_metadata_only, access_token_get_request_metadata, + NULL}; + +grpc_credentials *grpc_access_token_credentials_create( + const char *access_token) { + grpc_access_token_credentials *c = + gpr_malloc(sizeof(grpc_access_token_credentials)); + char *token_md_value; + memset(c, 0, sizeof(grpc_access_token_credentials)); + c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; + c->base.vtable = &access_token_vtable; + gpr_ref_init(&c->base.refcount, 1); + c->access_token_md = grpc_credentials_md_store_create(1); + gpr_asprintf(&token_md_value, "Bearer %s", access_token); + grpc_credentials_md_store_add_cstrings( + c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value); + gpr_free(token_md_value); + return &c->base; +} + /* -- Fake transport security credentials. -- */ static void fake_transport_security_credentials_destroy( 
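Review bot: `grpc_access_token_credentials_create` passes `access_token` straight to `gpr_asprintf(&token_md_value, "Bearer %s", access_token)` with no NULL or empty-string check. A NULL argument therefore reaches a `%s` conversion, which is undefined behaviour, and an empty string yields credentials that send a bare `Bearer ` value on every call. A guard at the top of the function, for example `GPR_ASSERT(access_token != NULL && access_token[0] != '\0');` (or returning NULL instead), would make the contract explicit. The temporary `token_md_value` holds a copy of the secret and is released with a plain `gpr_free`; if the project has a policy on scrubbing secrets before freeing them, it applies here. The test hunk in test/core/security/credentials_test.c only exercises the well-formed token "blah", so none of these cases is pinned by a test.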
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc index b5134b3140..4d200908fb 100644 --- a/src/cpp/client/secure_credentials.cc +++ b/src/cpp/client/secure_credentials.cc @@ -117,6 +117,13 @@ std::shared_ptr<Credentials> RefreshTokenCredentials( grpc_refresh_token_credentials_create(json_refresh_token.c_str())); } +// Builds access token credentials. +std::shared_ptr<Credentials> AccessTokenCredentials( + const grpc::string& access_token) { + return WrapCredentials( + grpc_access_token_credentials_create(access_token.c_str())); +} + // Builds IAM credentials. std::shared_ptr<Credentials> IAMCredentials( const grpc::string& authorization_token, diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c index 4253be6b07..e8bb730849 100644 --- a/test/core/security/credentials_test.c +++ b/test/core/security/credentials_test.c @@ -331,6 +331,27 @@ static void test_iam_creds(void) { check_iam_metadata, creds); } +static void check_access_token_metadata(void *user_data, + grpc_credentials_md *md_elems, + size_t num_md, + grpc_credentials_status status) { + grpc_credentials *c = (grpc_credentials *)user_data; + expected_md emd[] = {{GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"}}; + GPR_ASSERT(status == GRPC_CREDENTIALS_OK); + GPR_ASSERT(num_md == 1); + check_metadata(emd, md_elems, num_md); + grpc_credentials_unref(c); +} + +static void test_access_token_creds(void) { + grpc_credentials *creds = grpc_access_token_credentials_create("blah"); + GPR_ASSERT(grpc_credentials_has_request_metadata(creds)); + GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds)); + GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); + grpc_credentials_get_request_metadata(creds, NULL, test_service_url, + check_access_token_metadata, creds); +} + static void check_ssl_oauth2_composite_metadata( void *user_data, grpc_credentials_md *md_elems, size_t num_md, grpc_credentials_status status) { 
@@ -863,6 +884,7 @@ int main(int argc, char **argv) {
 test_oauth2_token_fetcher_creds_parsing_missing_token_type();
 test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime();
 test_iam_creds();
+ test_access_token_creds();
 test_ssl_oauth2_composite_creds();
 test_ssl_oauth2_iam_composite_creds();
 test_compute_engine_creds_success(); |