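// Source: github.com/Richardknop/go-oauth2-server@v1.0.1/oauth/handlers.go

package oauth

import (
	"errors"
	"net/http"

	"github.com/RichardKnop/go-oauth2-server/models"
	"github.com/RichardKnop/go-oauth2-server/util/response"
)

var (
	// ErrInvalidGrantType is returned when the grant_type form value does not
	// match any grant type registered in tokensHandler.
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret is the single error returned for every client
	// authentication failure in basicAuthClient (missing Basic header or
	// rejected credentials), so a caller cannot tell which part was wrong.
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)

// tokensHandler handles all OAuth 2.0 grant types
// (POST /v1/oauth/tokens).
//
// The request is processed in this order: parse the form, resolve the grant
// type, authenticate the client via HTTP Basic auth, run the grant handler,
// and write the token response as JSON.
func (s *Service) tokensHandler(w http.ResponseWriter, r *http.Request) {
	// Parse the form so r.Form becomes available. A parse failure means the
	// request itself is malformed, so it is reported as a client error (400)
	// rather than a server error.
	if err := r.ParseForm(); err != nil {
		response.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Allow-list of supported grant types and the method that serves each one.
	// Anything not listed here is rejected before client authentication runs.
	grantTypes := map[string]func(r *http.Request, client *models.OauthClient) (*AccessTokenResponse, error){
		"authorization_code": s.authorizationCodeGrant,
		"password":           s.passwordGrant,
		"client_credentials": s.clientCredentialsGrant,
		"refresh_token":      s.refreshTokenGrant,
	}

	// Check the grant type
	grantHandler, ok := grantTypes[r.Form.Get("grant_type")]
	if !ok {
		response.Error(w, ErrInvalidGrantType.Error(), http.StatusBadRequest)
		return
	}

	// Client auth
	client, err := s.basicAuthClient(r)
	if err != nil {
		response.UnauthorizedError(w, err.Error())
		return
	}

	// Grant processing
	resp, err := grantHandler(r, client)
	if err != nil {
		// NOTE(review): the grant handler's error text is sent to the client
		// as-is; confirm the grant handlers only return client-safe messages.
		response.Error(w, err.Error(), getErrStatusCode(err))
		return
	}

	// RFC 6749 section 5.1 requires responses that carry tokens to be marked
	// uncacheable so intermediaries and browsers do not retain them.
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("Pragma", "no-cache")

	// Write response to json
	response.WriteJSON(w, resp, http.StatusOK)
}

// introspectHandler handles OAuth 2.0 introspect request
// (POST /v1/oauth/introspect).
//
// The caller must authenticate as a client via HTTP Basic auth before the
// token is introspected.
func (s *Service) introspectHandler(w http.ResponseWriter, r *http.Request) {
	// Client auth
	client, err := s.basicAuthClient(r)
	if err != nil {
		response.UnauthorizedError(w, err.Error())
		return
	}

	// Introspect the token
	resp, err := s.introspectToken(r, client)
	if err != nil {
		response.Error(w, err.Error(), getErrStatusCode(err))
		return
	}

	// The introspection result describes a live token, so keep it out of
	// caches in the same way as the token response.
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("Pragma", "no-cache")

	// Write response to json
	response.WriteJSON(w, resp, http.StatusOK)
}

// basicAuthClient reads client credentials from the HTTP Basic Authorization
// header and authenticates the client with them.
//
// It returns ErrInvalidClientIDOrSecret both when the header is missing or
// unparsable and when s.AuthClient rejects the credentials.
func (s *Service) basicAuthClient(r *http.Request) (*models.OauthClient, error) {
	// Get client credentials from basic auth
	clientID, secret, ok := r.BasicAuth()
	if !ok {
		return nil, ErrInvalidClientIDOrSecret
	}

	// Authenticate the client
	client, err := s.AuthClient(clientID, secret)
	if err != nil {
		// For security reasons, return a general error message so the response
		// does not reveal whether the client ID or the secret was wrong.
		// NOTE(review): the underlying error is discarded here; if AuthClient
		// can also fail for non-credential reasons (e.g. a storage error),
		// that failure is reported as a 401 and is not recorded by this
		// function. Confirm it is logged elsewhere.
		return nil, ErrInvalidClientIDOrSecret
	}

	return client, nil
}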