in jira/jira.go [80:143]
func (js jwtSource) Token() (*oauth2.Token, error) {
exp := time.Duration(59) * time.Second
claimSet := &ClaimSet{
Issuer: fmt.Sprintf("urn:atlassian:connect:clientid:%s", js.conf.ClientID),
Subject: fmt.Sprintf("urn:atlassian:connect:useraccountid:%s", js.conf.Subject),
InstalledURL: js.conf.BaseURL,
AuthURL: js.conf.Endpoint.AuthURL,
IssuedAt: time.Now().Unix(),
ExpiresIn: time.Now().Add(exp).Unix(),
}
v := url.Values{}
v.Set("grant_type", defaultGrantType)
// Add scopes if they exist; If not, it defaults to app scopes
if scopes := js.conf.Scopes; scopes != nil {
upperScopes := make([]string, len(scopes))
for i, k := range scopes {
upperScopes[i] = strings.ToUpper(k)
}
v.Set("scope", strings.Join(upperScopes, "+"))
}
// Sign claims for assertion
assertion, err := sign(js.conf.ClientSecret, claimSet)
if err != nil {
return nil, err
}
v.Set("assertion", string(assertion))
// Fetch access token from auth server
hc := oauth2.NewClient(js.ctx, nil)
resp, err := hc.PostForm(js.conf.Endpoint.TokenURL, v)
if err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
if err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
if c := resp.StatusCode; c < 200 || c > 299 {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v\nResponse: %s", resp.Status, body)
}
// tokenRes is the JSON response body.
var tokenRes struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"` // relative seconds from now
}
if err := json.Unmarshal(body, &tokenRes); err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
token := &oauth2.Token{
AccessToken: tokenRes.AccessToken,
TokenType: tokenRes.TokenType,
}
if secs := tokenRes.ExpiresIn; secs > 0 {
token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
}
return token, nil
}