zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-12 22:38:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Make first pass at new OAuth-aware server authentication framework

Browse source 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147081745
This commit is contained in:
mountford 2017-02-09 14:28:23 -08:00 committed by Ben McIlwain
parent cb215adac3
commit c41f5bb31c
17 changed files with 327 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

39
java/google/registry/config/RegistryConfig.java
View file

@ -23,6 +23,7 @@ import com.google.common.base.Optional;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.net.HostAndPort;
import dagger.Module;
import dagger.Provides;
@ -904,6 +905,44 @@ public final class RegistryConfig {
return CONFIG_SETTINGS.get();
}
/**
* Provides the OAuth scopes to check for on access tokens.
*
* <p>This list should be a superset of the required OAuth scope set provided below.
*
* <p>If we feel the need, we could define additional fixed scopes, similar to the Java remote
* API, which requires at least one of:
*
* <ul>
* <li>https://www.googleapis.com/auth/appengine.apis</li>
* <li>https://www.googleapis.com/auth/cloud-platform</li>
* </ul>
*/
@Provides
@Config("availableOauthScopes")
public static ImmutableSet<String> provideAvailableOauthScopes() {
return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
}
/**
* Provides the required OAuth scopes for simply authenticating.
*
* <p>This set contains the scopes which must be present to authenticate a user. It should be a
* subset of the scopes we request from the OAuth interface, provided above.
*/
@Provides
@Config("requiredOauthScopes")
public static ImmutableSet<String> provideRequiredOauthScopes() {
return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
}
/** Provides the allowed OAuth client IDs (could be multibinding). */
@Provides
@Config("allowedOauthClientIds")
public static ImmutableSet<String> provideAllowedOauthClientIds() {
return ImmutableSet.of("PUT.YOUR.PROXY.CLIENT.ID.HERE", "PUT.YOUR.REGTOOL.CLIENT.ID.HERE");
}
/**
* Returns the help path for the RDAP terms of service.
*