diff --git a/Documentation/grpc-auth-support.md b/Documentation/grpc-auth-support.md index 0a6b9f52c1c..1362eeaa4ae 100644 --- a/Documentation/grpc-auth-support.md +++ b/Documentation/grpc-auth-support.md @@ -53,7 +53,7 @@ Alternatively, a client may also use the `grpc.CallOption` on each invocation of an RPC. To create a `credentials.PerRPCCredentials`, use -[oauth.NewOauthAccess](https://godoc.org/google.golang.org/grpc/credentials/oauth#NewOauthAccess). +[oauth.TokenSource](https://godoc.org/google.golang.org/grpc/credentials/oauth#TokenSource). Note, the OAuth2 implementation of `grpc.PerRPCCredentials` requires a client to use [grpc.WithTransportCredentials](https://godoc.org/google.golang.org/grpc#WithTransportCredentials) to prevent any insecure transmission of tokens. diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index c748fd21ce2..8eedfea2c22 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -121,6 +121,8 @@ type oauthAccess struct { } // NewOauthAccess constructs the PerRPCCredentials using a given token. +// +// Deprecated: use oauth.TokenSource instead. func NewOauthAccess(token *oauth2.Token) credentials.PerRPCCredentials { return oauthAccess{token: *token} } diff --git a/examples/features/authentication/README.md b/examples/features/authentication/README.md index 0ba3f9469fc..57028b8795d 100644 --- a/examples/features/authentication/README.md +++ b/examples/features/authentication/README.md @@ -29,9 +29,9 @@ https://godoc.org/google.golang.org/grpc/credentials/oauth for details. #### Client -On client side, users should first get a valid oauth token, and then call -[`credentials.NewOauthAccess`](https://godoc.org/google.golang.org/grpc/credentials/oauth#NewOauthAccess) -to initialize a `credentials.PerRPCCredentials` with it. Next, if user wants to +On client side, users should first get a valid oauth token, and then initialize a +[`oauth.TokenSource`](https://godoc.org/google.golang.org/grpc/credentials/oauth#TokenSource) +which implements `credentials.PerRPCCredentials`. Next, if user wants to apply a single OAuth token for all RPC calls on the same connection, then configure grpc `Dial` with `DialOption` [`WithPerRPCCredentials`](https://godoc.org/google.golang.org/grpc#WithPerRPCCredentials). diff --git a/examples/features/authentication/client/main.go b/examples/features/authentication/client/main.go index ec46f2c52da..a189b4be8cf 100644 --- a/examples/features/authentication/client/main.go +++ b/examples/features/authentication/client/main.go @@ -50,7 +50,7 @@ func main() { flag.Parse() // Set up the credentials for the connection. - perRPC := oauth.NewOauthAccess(fetchToken()) + perRPC := oauth.TokenSource{TokenSource: oauth2.StaticTokenSource(fetchToken())} creds, err := credentials.NewClientTLSFromFile(data.Path("x509/ca_cert.pem"), "x.test.example.com") if err != nil { log.Fatalf("failed to load credentials: %v", err) @@ -61,7 +61,7 @@ func main() { // itself. // See: https://godoc.org/google.golang.org/grpc#PerRPCCredentials grpc.WithPerRPCCredentials(perRPC), - // oauth.NewOauthAccess requires the configuration of transport + // oauth.TokenSource requires the configuration of transport // credentials. grpc.WithTransportCredentials(creds), } diff --git a/examples/features/interceptor/client/main.go b/examples/features/interceptor/client/main.go index eba69b3c988..0832e4861cd 100644 --- a/examples/features/interceptor/client/main.go +++ b/examples/features/interceptor/client/main.go @@ -55,9 +55,9 @@ func unaryInterceptor(ctx context.Context, method string, req, reply interface{} } } if !credsConfigured { - opts = append(opts, grpc.PerRPCCredentials(oauth.NewOauthAccess(&oauth2.Token{ - AccessToken: fallbackToken, - }))) + opts = append(opts, grpc.PerRPCCredentials(oauth.TokenSource{ + TokenSource: oauth2.StaticTokenSource(&oauth2.Token{AccessToken: fallbackToken}), + })) } start := time.Now() err := invoker(ctx, method, req, reply, cc, opts...) @@ -97,9 +97,9 @@ func streamInterceptor(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.Clie } } if !credsConfigured { - opts = append(opts, grpc.PerRPCCredentials(oauth.NewOauthAccess(&oauth2.Token{ - AccessToken: fallbackToken, - }))) + opts = append(opts, grpc.PerRPCCredentials(oauth.TokenSource{ + TokenSource: oauth2.StaticTokenSource(&oauth2.Token{AccessToken: fallbackToken}), + })) } s, err := streamer(ctx, desc, cc, method, opts...) if err != nil { diff --git a/interop/client/client.go b/interop/client/client.go index 1e3a46a7574..194c3766478 100644 --- a/interop/client/client.go +++ b/interop/client/client.go @@ -28,6 +28,7 @@ import ( "strconv" "time" + "golang.org/x/oauth2" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials/alts" @@ -201,7 +202,7 @@ func main() { } opts = append(opts, grpc.WithPerRPCCredentials(jwtCreds)) } else if *testCase == "oauth2_auth_token" { - opts = append(opts, grpc.WithPerRPCCredentials(oauth.NewOauthAccess(interop.GetToken(*serviceAccountKeyFile, *oauthScope)))) + opts = append(opts, grpc.WithPerRPCCredentials(oauth.TokenSource{TokenSource: oauth2.StaticTokenSource(interop.GetToken(*serviceAccountKeyFile, *oauthScope))})) } } if len(*serviceConfigJSON) > 0 {