67 lines
2.5 KiB
Go
67 lines
2.5 KiB
Go
|
package server
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
"time"
|
||
|
|
||
|
"github.com/superseriousbusiness/oauth2/v4"
|
||
|
"github.com/superseriousbusiness/oauth2/v4/errors"
|
||
|
)
|
||
|
|
||
|
type (
|
||
|
// ClientInfoHandler get client info from request
|
||
|
ClientInfoHandler func(r *http.Request) (clientID, clientSecret string, err error)
|
||
|
|
||
|
// ClientAuthorizedHandler check the client allows to use this authorization grant type
|
||
|
ClientAuthorizedHandler func(clientID string, grant oauth2.GrantType) (allowed bool, err error)
|
||
|
|
||
|
// ClientScopeHandler check the client allows to use scope
|
||
|
ClientScopeHandler func(clientID, scope string) (allowed bool, err error)
|
||
|
|
||
|
// UserAuthorizationHandler get user id from request authorization
|
||
|
UserAuthorizationHandler func(w http.ResponseWriter, r *http.Request) (userID string, err error)
|
||
|
|
||
|
// PasswordAuthorizationHandler get user id from username and password
|
||
|
PasswordAuthorizationHandler func(username, password string) (userID string, err error)
|
||
|
|
||
|
// RefreshingScopeHandler check the scope of the refreshing token
|
||
|
RefreshingScopeHandler func(newScope, oldScope string) (allowed bool, err error)
|
||
|
|
||
|
//RefreshingValidationHandler check if refresh_token is still valid. eg no revocation or other
|
||
|
RefreshingValidationHandler func(ti oauth2.TokenInfo) (allowed bool, err error)
|
||
|
|
||
|
// ResponseErrorHandler response error handing
|
||
|
ResponseErrorHandler func(re *errors.Response)
|
||
|
|
||
|
// InternalErrorHandler internal error handing
|
||
|
InternalErrorHandler func(err error) (re *errors.Response)
|
||
|
|
||
|
// AuthorizeScopeHandler set the authorized scope
|
||
|
AuthorizeScopeHandler func(w http.ResponseWriter, r *http.Request) (scope string, err error)
|
||
|
|
||
|
// AccessTokenExpHandler set expiration date for the access token
|
||
|
AccessTokenExpHandler func(w http.ResponseWriter, r *http.Request) (exp time.Duration, err error)
|
||
|
|
||
|
// ExtensionFieldsHandler in response to the access token with the extension of the field
|
||
|
ExtensionFieldsHandler func(ti oauth2.TokenInfo) (fieldsValue map[string]interface{})
|
||
|
)
|
||
|
|
||
|
// ClientFormHandler get client data from form
|
||
|
func ClientFormHandler(r *http.Request) (string, string, error) {
|
||
|
clientID := r.Form.Get("client_id")
|
||
|
if clientID == "" {
|
||
|
return "", "", errors.ErrInvalidClient
|
||
|
}
|
||
|
clientSecret := r.Form.Get("client_secret")
|
||
|
return clientID, clientSecret, nil
|
||
|
}
|
||
|
|
||
|
// ClientBasicHandler get client data from basic authorization
|
||
|
func ClientBasicHandler(r *http.Request) (string, string, error) {
|
||
|
username, password, ok := r.BasicAuth()
|
||
|
if !ok {
|
||
|
return "", "", errors.ErrInvalidClient
|
||
|
}
|
||
|
return username, password, nil
|
||
|
}
|