ipn: add Login backend command for sign-in with token

The StartLoginInteractive command is for delegating the sign-in flow to a browser. The Android Gooogle Sign-In SDK inverts the flow by giving the client ID tokens. Add a new backend command for accepting such tokens by exposing the existing controlclient.Client.Login support for OAuth2 tokens. Introduce a custom TokenType to distinguish ID tokens from other OAuth2 tokens. Signed-off-by: Elias Naur <mail@eliasnaur.com>
2025-10-27 11:41:14 +00:00 · 2020-07-13 22:13:11 +02:00
parent 969206fe88
commit 6e8f0860af
6 changed files with 48 additions and 0 deletions
--- a/ipn/message.go
+++ b/ipn/message.go
@@ -13,6 +13,7 @@ import (
 	"log"
 	"time"

+	"golang.org/x/oauth2"
 	"tailscale.com/types/logger"
 	"tailscale.com/types/structs"
 	"tailscale.com/version"
@@ -49,6 +50,7 @@ type Command struct {
 	Quit                  *NoArgs
 	Start                 *StartArgs
 	StartLoginInteractive *NoArgs
+	Login                 *oauth2.Token
 	Logout                *NoArgs
 	SetPrefs              *SetPrefsArgs
 	RequestEngineStatus   *NoArgs
@@ -128,6 +130,9 @@ func (bs *BackendServer) GotCommand(cmd *Command) error {
 	} else if c := cmd.StartLoginInteractive; c != nil {
 		bs.b.StartLoginInteractive()
 		return nil
+	} else if c := cmd.Login; c != nil {
+		bs.b.Login(c)
+		return nil
 	} else if c := cmd.Logout; c != nil {
 		bs.b.Logout()
 		return nil
@@ -225,6 +230,10 @@ func (bc *BackendClient) StartLoginInteractive() {
 	bc.send(Command{StartLoginInteractive: &NoArgs{}})
 }

+func (bc *BackendClient) Login(token *oauth2.Token) {
+	bc.send(Command{Login: token})
+}
+
 func (bc *BackendClient) Logout() {
 	bc.send(Command{Logout: &NoArgs{}})
 }