// Copyright (c) 2016 VMware, Inc. All Rights Reserved. // // This product is licensed to you under the Apache License, Version 2.0 (the "License"). // You may not use this product except in compliance with the License. // // This product may include a number of subcomponents with separate copyright notices and // license terms. Your use of these subcomponents is subject to the terms and conditions // of the subcomponent's license, as noted in the LICENSE file. package photon import ( "encoding/json" "fmt" "github.com/vmware/photon-controller-go-sdk/photon/lightwave" ) // Contains functionality for auth API. type AuthAPI struct { client *Client } const authUrl string = rootUrl + "/auth" // Gets authentication info. func (api *AuthAPI) Get() (info *AuthInfo, err error) { res, err := api.client.restClient.Get(api.client.Endpoint+authUrl, nil) if err != nil { return } defer res.Body.Close() res, err = getError(res) if err != nil { return } info = &AuthInfo{} err = json.NewDecoder(res.Body).Decode(info) return } // Gets Tokens from username/password. func (api *AuthAPI) GetTokensByPassword(username string, password string) (tokenOptions *TokenOptions, err error) { oidcClient, err := api.buildOIDCClient() if err != nil { return } tokenResponse, err := oidcClient.GetTokenByPasswordGrant(username, password) if err != nil { return } return api.toTokenOptions(tokenResponse), nil } // GetTokensFromWindowsLogInContext gets tokens based on Windows logged in context // In case of running on platform other than Windows, it returns error func (api *AuthAPI) GetTokensFromWindowsLogInContext() (tokenOptions *TokenOptions, err error) { oidcClient, err := api.buildOIDCClient() if err != nil { return } tokenResponse, err := oidcClient.GetTokensFromWindowsLogInContext() if err != nil { return } return api.toTokenOptions(tokenResponse), nil } // Gets tokens from refresh token. func (api *AuthAPI) GetTokensByRefreshToken(refreshtoken string) (tokenOptions *TokenOptions, err error) { oidcClient, err := api.buildOIDCClient() if err != nil { return } tokenResponse, err := oidcClient.GetTokenByRefreshTokenGrant(refreshtoken) if err != nil { return } return api.toTokenOptions(tokenResponse), nil } func (api *AuthAPI) getAuthEndpoint() (endpoint string, err error) { authInfo, err := api.client.Auth.Get() if err != nil { return } if authInfo.Port == 0 { authInfo.Port = 443 } return fmt.Sprintf("https://%s:%d", authInfo.Endpoint, authInfo.Port), nil } func (api *AuthAPI) buildOIDCClient() (client *lightwave.OIDCClient, err error) { authEndPoint, err := api.getAuthEndpoint() if err != nil { return } return lightwave.NewOIDCClient( authEndPoint, api.buildOIDCClientOptions(&api.client.options), api.client.restClient.logger), nil } const tokenScope string = "openid offline_access rs_photon_platform at_groups" func (api *AuthAPI) buildOIDCClientOptions(options *ClientOptions) *lightwave.OIDCClientOptions { return &lightwave.OIDCClientOptions{ IgnoreCertificate: api.client.options.IgnoreCertificate, RootCAs: api.client.options.RootCAs, TokenScope: tokenScope, } } func (api *AuthAPI) toTokenOptions(response *lightwave.OIDCTokenResponse) *TokenOptions { return &TokenOptions{ AccessToken: response.AccessToken, ExpiresIn: response.ExpiresIn, RefreshToken: response.RefreshToken, IdToken: response.IdToken, TokenType: response.TokenType, } } // Parse the given token details. func (api *AuthAPI) parseTokenDetails(token string) (jwtToken *lightwave.JWTToken, err error) { jwtToken = lightwave.ParseTokenDetails(token) return jwtToken, nil } // Parse the given token raw details. func (api *AuthAPI) parseRawTokenDetails(token string) (jwtToken []string, err error) { jwtToken, err = lightwave.ParseRawTokenDetails(token) return jwtToken, err }