add header basic authorization

README.md

@@ -43,6 +43,7 @@ Usage of ./gooauth_proxy:
   -client-secret="": the OAuth Client Secret
   -cookie-domain="": an optional cookie domain to force cookies to
   -cookie-secret="": the seed string for secure cookies
+  -header-basic-auth=false: use Authorization: Basic header for authorization (see RFC 2617 section 2)
   -google-apps-domain="": authenticate against the given google apps domain
   -http-address="127.0.0.1:4180": <addr>:<port> to listen on for HTTP clients
   -pass-basic-auth=true: pass HTTP Basic Auth information to upstream

main.go

@@ -19,6 +19,7 @@ var (
 	redirectUrl             = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
 	clientID                = flag.String("client-id", "", "the Oauth Client ID: ie: \"123456.apps.googleusercontent.com\"")
 	clientSecret            = flag.String("client-secret", "", "the OAuth Client Secret")
+	headerBasicAuth         = flag.Bool("header-basic-auth", false, "use Authorization: Basic header for authorization")
 	loginUrl                = flag.String("login-url", "", "the OAuth Login URL")
 	redemptionUrl           = flag.String("redemption-url", "", "the OAuth code redemption URL")
 	cookieSecret            = flag.String("cookie-secret", "", "the seed string for secure cookies")
@@ -79,7 +80,7 @@ func main() {
 	}
 
 	validator := NewCommandValidator(*userVerificationCommand)
-	oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *loginUrl, *redemptionUrl, *oauthScope, validator)
+	oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *headerBasicAuth, *loginUrl, *redemptionUrl, *oauthScope, validator)
 	oauthproxy.SetRedirectUrl(redirectUrl)
 
 	listener, err := net.Listen("tcp", *httpAddr)

oauthproxy.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"github.com/bitly/go-simplejson"
@@ -29,11 +30,12 @@ type OauthProxy struct {
 	oauthScope         string
 	clientID           string
 	clientSecret       string
+	headerBasicAuth    bool
 	SignInMessage      string
 	serveMux           *http.ServeMux
 }
 
-func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy {
+func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, headerBasicAuth bool, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy {
 	login, _ := url.Parse(oauthLoginUrl)
 	redeem, _ := url.Parse(oauthRedemptionUrl)
 	serveMux := http.NewServeMux()
@@ -50,6 +52,7 @@ func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, o
 
 		clientID:           clientID,
 		clientSecret:       clientSecret,
+		headerBasicAuth:    headerBasicAuth,
 		oauthScope:         oauthScope,
 		oauthRedemptionUrl: redeem,
 		oauthLoginUrl:      login,
@@ -104,6 +107,10 @@ func (p *OauthProxy) redeemCode(code string) (string, error) {
 	params.Add("grant_type", "authorization_code")
 	req, err := http.NewRequest("POST", p.oauthRedemptionUrl.String(), bytes.NewBufferString(params.Encode()))
 	req.Header.Set("Accept", "application/json")
+	if p.headerBasicAuth {
+		token := []byte(fmt.Sprintf("%s:%s", p.clientID, p.clientSecret))
+		req.Header.Set("Authorization", fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString(token)))
+	}
 	if err != nil {
 		log.Printf("failed building request %s", err.Error())
 		return "", err