| // Copyright 2011 The goauth2 Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // This program makes a read only call to the Google Cloud Storage API, |
| // authenticated with OAuth2. A list of example APIs can be found at |
| // https://code.google.com/oauthplayground/ |
| package main |
| |
| import ( |
| "encoding/json" |
| "flag" |
| "fmt" |
| "io/ioutil" |
| "log" |
| "net/http" |
| "strings" |
| |
| "code.google.com/p/goauth2/oauth/jwt" |
| ) |
| |
| const scope = "https://www.googleapis.com/auth/devstorage.read_only" |
| |
| var ( |
| secretsFile = flag.String("s", "", "JSON encoded secrets for the service account") |
| pemFile = flag.String("k", "", "private pem key file for the service account") |
| ) |
| |
| const usageMsg = ` |
| You must specify -k and -s. |
| |
| To obtain client secrets and pem, see the "OAuth 2 Credentials" section under |
| the "API Access" tab on this page: https://code.google.com/apis/console/ |
| |
| Google Cloud Storage must also be turned on in the API console. |
| ` |
| |
| func main() { |
| flag.Parse() |
| |
| if *secretsFile == "" || *pemFile == "" { |
| flag.Usage() |
| fmt.Println(usageMsg) |
| return |
| } |
| |
| // Read the secret file bytes into the config. |
| secretBytes, err := ioutil.ReadFile(*secretsFile) |
| if err != nil { |
| log.Fatal("error reading secerets file:", err) |
| } |
| var config struct { |
| Web struct { |
| ClientEmail string `json:"client_email"` |
| ClientID string `json:"client_id"` |
| TokenURI string `json:"token_uri"` |
| } |
| } |
| err = json.Unmarshal(secretBytes, &config) |
| if err != nil { |
| log.Fatal("error unmarshalling secerets:", err) |
| } |
| |
| // Get the project ID from the client ID. |
| projectID := strings.SplitN(config.Web.ClientID, "-", 2)[0] |
| |
| // Read the pem file bytes for the private key. |
| keyBytes, err := ioutil.ReadFile(*pemFile) |
| if err != nil { |
| log.Fatal("error reading private key file:", err) |
| } |
| |
| // Craft the ClaimSet and JWT token. |
| t := jwt.NewToken(config.Web.ClientEmail, scope, keyBytes) |
| t.ClaimSet.Aud = config.Web.TokenURI |
| |
| // We need to provide a client. |
| c := &http.Client{} |
| |
| // Get the access token. |
| o, err := t.Assert(c) |
| if err != nil { |
| log.Fatal("assertion error:", err) |
| } |
| |
| // Refresh token will be missing, but this access_token will be good |
| // for one hour. |
| fmt.Printf("access_token = %v\n", o.AccessToken) |
| fmt.Printf("refresh_token = %v\n", o.RefreshToken) |
| fmt.Printf("expires %v\n", o.Expiry) |
| |
| // Form the request to list Google Cloud Storage buckets. |
| req, err := http.NewRequest("GET", "https://storage.googleapis.com/", nil) |
| if err != nil { |
| log.Fatal("http.NewRequest:", err) |
| } |
| req.Header.Set("Authorization", "OAuth "+o.AccessToken) |
| req.Header.Set("x-goog-api-version", "2") |
| req.Header.Set("x-goog-project-id", projectID) |
| |
| // Make the request. |
| r, err := c.Do(req) |
| if err != nil { |
| log.Fatal("API request error:", err) |
| } |
| defer r.Body.Close() |
| |
| // Write the response to standard output. |
| res, err := ioutil.ReadAll(r.Body) |
| if err != nil { |
| log.Fatal("error reading API request results:", err) |
| } |
| fmt.Printf("\nRESULT:\n%s\n", res) |
| } |