func oAuth2Client()

in mito.go [491:576]


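// oAuth2Client returns an HTTP client that authenticates its requests with
// OAuth2 tokens obtained as described by cfg.
//
// The flow is chosen by cfg.Provider, compared case-insensitively:
//
//   - "" with a user or password set: resource owner password credentials
//     grant against cfg.TokenURL.
//   - "" otherwise, or "azure": client credentials grant. For "azure" the
//     token URL defaults to the Azure AD endpoint for cfg.AzureTenantID and
//     cfg.AzureResource is sent as the "resource" endpoint parameter.
//   - "google": application default credentials, or JWT service account
//     credentials when cfg.GoogleJWTFile or cfg.GoogleJWTJSON is set.
//
// Any other provider is an error. Errors returned here never include the
// client secret, password or JWT key material held in cfg.
func oAuth2Client(cfg OAuth2) (*http.Client, error) {
	// NOTE(review): this client carries token requests and has no Timeout, so
	// an unresponsive token endpoint can block the caller indefinitely.
	// Consider a bounded timeout or a caller-supplied context.
	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, &http.Client{})

	// The client secret is optional; a nil pointer means "no secret".
	var clientSecret string
	if cfg.ClientSecret != nil {
		clientSecret = *cfg.ClientSecret
	}

	switch prov := strings.ToLower(cfg.Provider); prov {
	case "":
		if cfg.User != "" || cfg.Password != "" {
			oauth2cfg := &oauth2.Config{
				ClientID:     cfg.ClientID,
				ClientSecret: clientSecret,
				Endpoint: oauth2.Endpoint{
					TokenURL:  cfg.TokenURL,
					AuthStyle: oauth2.AuthStyleAutoDetect,
				},
			}
			// The token is fetched eagerly so that bad credentials are
			// reported here rather than on the first request.
			token, err := oauth2cfg.PasswordCredentialsToken(ctx, cfg.User, cfg.Password)
			if err != nil {
				return nil, fmt.Errorf("oauth2: error loading credentials using user and password: %w", err)
			}
			return oauth2cfg.Client(ctx, token), nil
		}

		// No user credentials: use the client credentials grant below.
		fallthrough
	case "azure":
		// Start from the configured token URL. Previously it was dropped, so
		// the generic provider and an Azure configuration with an explicit
		// TokenURL both ended up with an empty token endpoint.
		tokenURL := cfg.TokenURL
		params := cfg.EndpointParams
		if prov == "azure" {
			if tokenURL == "" {
				tokenURL = endpoints.AzureAD(cfg.AzureTenantID).TokenURL
			}
			if cfg.AzureResource != "" {
				// cfg is passed by value but EndpointParams is a map, so
				// copy it before adding to it to leave the caller's
				// configuration untouched.
				params = make(url.Values, len(cfg.EndpointParams)+1)
				for k, v := range cfg.EndpointParams {
					params[k] = v
				}
				params.Set("resource", cfg.AzureResource)
			}
		}
		return (&clientcredentials.Config{
			ClientID:       cfg.ClientID,
			ClientSecret:   clientSecret,
			TokenURL:       tokenURL,
			Scopes:         cfg.Scopes,
			EndpointParams: params,
		}).Client(ctx), nil

	case "google":
		// NOTE(review): default credentials are looked up before the JWT
		// settings are examined, so a JWT-only configuration still fails
		// when no default credentials are available — confirm this is
		// intended.
		creds, err := google.FindDefaultCredentials(ctx, cfg.Scopes...)
		if err != nil {
			// The condition was inverted: success was reported as an error
			// and a failed lookup went on to dereference nil credentials.
			return nil, fmt.Errorf("oauth2: error loading default credentials: %w", err)
		}
		// NOTE(review): creds.JSON can be empty when the credentials come
		// from the environment rather than a file; CredentialsFromJSON below
		// will then fail — confirm whether creds.TokenSource should be used
		// directly in that case.
		cfg.GoogleCredentialsJSON = string(creds.JSON)

		if cfg.GoogleJWTFile != "" {
			b, err := os.ReadFile(cfg.GoogleJWTFile)
			if err != nil {
				return nil, fmt.Errorf("oauth2: error reading google jwt file: %w", err)
			}
			cfg.GoogleJWTJSON = string(b)
		}
		if cfg.GoogleJWTJSON != "" {
			if !json.Valid([]byte(cfg.GoogleJWTJSON)) {
				// Do not echo the document: a malformed service account
				// file can still contain the private key, and errors are
				// routinely logged.
				return nil, errors.New("invalid google jwt: not valid JSON")
			}
			googCfg, err := google.JWTConfigFromJSON([]byte(cfg.GoogleJWTJSON), cfg.Scopes...)
			if err != nil {
				return nil, fmt.Errorf("oauth2: error loading jwt credentials: %w", err)
			}
			// Subject selects the account to impersonate; empty means none.
			googCfg.Subject = cfg.GoogleDelegatedAccount
			return googCfg.Client(ctx), nil
		}

		creds, err = google.CredentialsFromJSON(ctx, []byte(cfg.GoogleCredentialsJSON), cfg.Scopes...)
		if err != nil {
			return nil, fmt.Errorf("oauth2: error loading credentials: %w", err)
		}
		return oauth2.NewClient(ctx, creds.TokenSource), nil
	default:
		return nil, errors.New("oauth2: unknown provider")
	}
}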