
     1  package oauth
     2  
     3  import (
     4  	"errors"
     5  	"net/http"
     6  
     7  	"github.com/RichardKnop/go-oauth2-server/models"
     8  	"github.com/RichardKnop/go-oauth2-server/util/response"
     9  )
    10  
var (
	// ErrInvalidGrantType is returned by tokensHandler when the grant_type
	// form value is not one of the supported grant types.
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret is returned by basicAuthClient both when the
	// Basic auth header is absent and when AuthClient rejects the credentials,
	// so the caller cannot tell the two cases apart.
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)
    17  
    18  // tokensHandler handles all OAuth 2.0 grant types
    19  // (POST /v1/oauth/tokens)
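// tokensHandler handles all OAuth 2.0 grant types
// (POST /v1/oauth/tokens).
//
// Processing order: parse the form, resolve grant_type to a grant function,
// authenticate the client via HTTP Basic auth, run the grant and write the
// token response as JSON. Every failure short-circuits with an error
// response and no token is issued.
func (s *Service) tokensHandler(w http.ResponseWriter, r *http.Request) {
	// Parse the form so r.Form becomes available. A body that cannot be
	// parsed is a malformed client request rather than a server fault, so
	// answer 400 instead of 500 (a 500 here would also mis-attribute client
	// noise to server-side failure in monitoring).
	if err := r.ParseForm(); err != nil {
		response.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Resolve grant_type before touching credentials so unsupported grant
	// types are rejected without a client lookup.
	var grantHandler func(r *http.Request, client *models.OauthClient) (*AccessTokenResponse, error)
	switch r.Form.Get("grant_type") {
	case "authorization_code":
		grantHandler = s.authorizationCodeGrant
	case "password":
		grantHandler = s.passwordGrant
	case "client_credentials":
		grantHandler = s.clientCredentialsGrant
	case "refresh_token":
		grantHandler = s.refreshTokenGrant
	default:
		response.Error(w, ErrInvalidGrantType.Error(), http.StatusBadRequest)
		return
	}

	// Client auth: basicAuthClient collapses all failures into one generic
	// error, which is what we want to send back.
	client, err := s.basicAuthClient(r)
	if err != nil {
		response.UnauthorizedError(w, err.Error())
		return
	}

	// Grant processing; getErrStatusCode maps grant errors to HTTP statuses.
	resp, err := grantHandler(r, client)
	if err != nil {
		response.Error(w, err.Error(), getErrStatusCode(err))
		return
	}

	// Write response to json
	response.WriteJSON(w, resp, http.StatusOK)
}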
    59  
    60  // introspectHandler handles OAuth 2.0 introspect request
    61  // (POST /v1/oauth/introspect)
// introspectHandler handles OAuth 2.0 introspect request
// (POST /v1/oauth/introspect).
//
// The caller must present valid HTTP Basic client credentials; the token
// lookup itself is delegated to introspectToken and its result is written
// back as JSON.
func (s *Service) introspectHandler(w http.ResponseWriter, r *http.Request) {
	client, authErr := s.basicAuthClient(r)
	if authErr != nil {
		// Unauthenticated callers get no information about any token.
		response.UnauthorizedError(w, authErr.Error())
		return
	}

	result, introspectErr := s.introspectToken(r, client)
	if introspectErr != nil {
		// getErrStatusCode decides which HTTP status the error maps to.
		response.Error(w, introspectErr.Error(), getErrStatusCode(introspectErr))
		return
	}

	response.WriteJSON(w, result, http.StatusOK)
}
    80  
    81  // Get client credentials from basic auth and try to authenticate client
// basicAuthClient extracts client credentials from the request's HTTP Basic
// Authorization header and authenticates the client with AuthClient.
//
// A missing or malformed header and a rejected AuthClient call both yield
// the same ErrInvalidClientIDOrSecret, so the response does not reveal
// whether a given client ID exists.
//
// NOTE(review): RFC 6749 §2.3.1 has the client_id and secret
// form-urlencoded before Base64 encoding; r.BasicAuth only undoes the
// Base64 step, so IDs containing reserved characters would need a further
// decode — confirm whether this project's client IDs can contain them.
func (s *Service) basicAuthClient(r *http.Request) (*models.OauthClient, error) {
	id, secret, present := r.BasicAuth()
	if !present {
		return nil, ErrInvalidClientIDOrSecret
	}

	client, authErr := s.AuthClient(id, secret)
	if authErr != nil {
		// Deliberately discard the underlying error: distinct messages for
		// "unknown client" vs "wrong secret" would leak client existence.
		return nil, ErrInvalidClientIDOrSecret
	}
	return client, nil
}
    96  	return client, nil
    97  }