Esempio n. 1
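// TokenHandler serves the token endpoint. It hands the request to the osin
// server for validation and then, depending on the grant type, replaces
// ar.UserData with a newly built claims carrier and marks the request as
// authorized before osin finishes it. The response is written as JSON.
//
// Failures while reading the stored UserData are answered directly with a 500.
// Those answers never echo the stored value: UserData carries the claims of
// the grant being exchanged and must not be reflected to the caller.
func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request) {
	resp := h.server.NewResponse()
	// The parse error is not checked here.
	// NOTE(review): presumably HandleAccessRequest rejects a malformed form
	// itself — confirm.
	r.ParseForm()
	defer resp.Close()
	if ar := h.server.HandleAccessRequest(resp, r); ar != nil {
		switch ar.Type {
		case osin.AUTHORIZATION_CODE:
			// For this grant the stored UserData is expected to be a JSON
			// string holding the claims written at authorize time.
			data, ok := ar.UserData.(string)
			if !ok {
				// Only the dynamic type is reported, never the value.
				http.Error(w, fmt.Sprintf("Could not assert UserData to string: got %T", ar.UserData), http.StatusInternalServerError)
				return
			}

			var claims jwt.ClaimsCarrier
			if err := json.Unmarshal([]byte(data), &claims); err != nil {
				http.Error(w, "Could not unmarshal UserData", http.StatusInternalServerError)
				return
			}

			// Only the subject is carried over; every other claim is rebuilt.
			ar.UserData = jwt.NewClaimsCarrier(uuid.New(), claims.GetSubject(), h.Issuer, h.Audience, time.Now(), time.Now())
			ar.Authorized = true
		case osin.REFRESH_TOKEN:
			// For a refresh the stored UserData is expected as a decoded map.
			data, ok := ar.UserData.(map[string]interface{})
			if !ok {
				http.Error(w, fmt.Sprintf("Could not assert UserData type: got %T", ar.UserData), http.StatusInternalServerError)
				return
			}
			claims := jwt.ClaimsCarrier(data)
			ar.UserData = jwt.NewClaimsCarrier(uuid.New(), claims.GetSubject(), h.Issuer, h.Audience, time.Now(), time.Now())
			ar.Authorized = true
		case osin.PASSWORD:
			// TODO if !ar.Client.isAllowedToAuthenticateUser
			// TODO ... return
			// TODO }
			// Until the check above exists, any client that passed osin's
			// validation may submit resource-owner credentials here.

			// A failed authentication leaves ar.Authorized unset, so the
			// request is finished without being authorized.
			if user, err := h.authenticate(w, r, ar.Username, ar.Password); err == nil {
				ar.UserData = jwt.NewClaimsCarrier(uuid.New(), user.GetID(), h.Issuer, h.Audience, time.Now(), time.Now())
				ar.Authorized = true
			}
		case osin.CLIENT_CREDENTIALS:
			// The client itself is the subject of the issued claims.
			ar.UserData = jwt.NewClaimsCarrier(uuid.New(), ar.Client.GetId(), h.Issuer, h.Audience, time.Now(), time.Now())
			ar.Authorized = true

			// TODO ASSERTION workflow http://leastprivilege.com/2013/12/23/advanced-oauth2-assertion-flow-why/
			// TODO Since assertions are only a draft for now and there is no need for SAML or similar this is postponed.
			//case osin.ASSERTION:
			//	if ar.AssertionType == "urn:hydra" && ar.Assertion == "osin.data" {
			//		ar.Authorized = true
			//	}
		}

		h.server.FinishAccessRequest(resp, r, ar)
	}
	// Every error response, whatever its cause, is sent with status 401.
	if resp.IsError {
		resp.StatusCode = http.StatusUnauthorized
	}
	osin.OutputJSON(resp, w, r)
}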
Esempio n. 2
// InfoHandler serves the info endpoint: the osin server inspects the request
// and, when it yields an info request, completes it. Whatever ended up in the
// response (result or error) is written back as JSON.
func (h *Handler) InfoHandler(w http.ResponseWriter, r *http.Request) {
	resp := h.server.NewResponse()
	defer resp.Close()

	// A nil info request means osin already recorded the outcome in resp.
	ir := h.server.HandleInfoRequest(resp, r)
	if ir != nil {
		h.server.FinishInfoRequest(resp, r, ir)
	}

	osin.OutputJSON(resp, w, r)
}
Esempio n. 3
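// AuthorizeHandler serves the authorize endpoint. After osin has validated the
// request it looks up the provider named in the "provider" query parameter.
// Without an "access_code" parameter the caller is redirected to that
// provider's authorization URL; with one, the code is exchanged, the remote
// subject is mapped to a local account, and the authorize request is finished
// with a fresh claims carrier for that account.
//
// Failures on that path are answered directly via http.Error. The 500 answer
// for a lookup failure carries no detail from the underlying error, so
// storage internals are not disclosed to the caller.
func (h *Handler) AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
	resp := h.server.NewResponse()
	defer resp.Close()
	if ar := h.server.HandleAuthorizeRequest(resp, r); ar != nil {
		// For now, a provider must be given.
		// TODO there should be a fallback provider which is a redirect to the login endpoint. This should be configurable by env var.
		// Let's see if this is a valid provider. If not, return an error.
		provider, err := h.Providers.Find(r.URL.Query().Get("provider"))
		if err != nil {
			// NOTE(review): the quoted value is the lookup error, not the
			// requested provider name — confirm this is intended.
			http.Error(w, fmt.Sprintf(`Provider "%s" not known.`, err), http.StatusBadRequest)
			return
		}

		// This could be made configurable with `connection.GetCodeKeyName()`
		code := r.URL.Query().Get("access_code")
		if code == "" {
			// If no code was given we have to initiate the provider's authorization workflow
			authURL := provider.GetAuthCodeURL(ar)
			http.Redirect(w, r, authURL, http.StatusFound)
			return
		}

		// Create a session by exchanging the code for the auth code
		connection, err := provider.Exchange(code)
		if err != nil {
			http.Error(w, fmt.Sprintf("Could not exchange access code: %s", err), http.StatusUnauthorized)
			return
		}

		// Only a remote subject that is already linked to a local account
		// may proceed; nothing is created implicitly here.
		subject := connection.GetRemoteSubject()
		user, err := h.Connections.FindByRemoteSubject(provider.GetID(), subject)
		switch {
		case err == account.ErrNotFound:
			// The subject is not linked to any account.
			http.Error(w, "Provided token is not linked to any existing account.", http.StatusUnauthorized)
			return
		case err != nil:
			// Something else went wrong. The cause stays server-side.
			http.Error(w, "Could not assert subject claim.", http.StatusInternalServerError)
			return
		}

		ar.UserData = jwt.NewClaimsCarrier(uuid.New(), user.GetLocalSubject(), h.Issuer, h.Audience, time.Now(), time.Now())
		ar.Authorized = true
		h.server.FinishAuthorizeRequest(resp, r, ar)
	}

	// Every error response, whatever its cause, is sent with status 401.
	if resp.IsError {
		resp.StatusCode = http.StatusUnauthorized
	}

	osin.OutputJSON(resp, w, r)
}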
Esempio n. 4
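// main runs a self-contained demo: an osin authorization server on :14000 and
// an osincli-based client application on :14001 that walks through the
// authorization-code flow against it.
//
// This is demo wiring only: the client id/secret pair is hard-coded, all URLs
// are plain http, and both listeners use ":port" addresses, which bind every
// interface rather than loopback only.
func main() {
	// One mux per listener.
	serverhttp := http.NewServeMux()
	clienthttp := http.NewServeMux()

	// create server
	config := osin.NewServerConfig()
	sstorage := example.NewTestStorage()
	sstorage.SetClient("1234", &osin.DefaultClient{
		Id:          "1234",
		Secret:      "aabbccdd",
		RedirectUri: "http://localhost:14001/appauth",
	})
	server := osin.NewServer(config, sstorage)

	// create client; id, secret and redirect URL mirror the registration above
	cliconfig := &osincli.ClientConfig{
		ClientId:     "1234",
		ClientSecret: "aabbccdd",
		AuthorizeUrl: "http://localhost:14000/authorize",
		TokenUrl:     "http://localhost:14000/token",
		RedirectUrl:  "http://localhost:14001/appauth",
	}
	client, err := osincli.NewClient(cliconfig)
	if err != nil {
		panic(err)
	}

	// A single authorize request object is built once and shared by the
	// client handlers below.
	areq := client.NewAuthorizeRequest(osincli.CODE)

	// SERVER

	// Authorization code endpoint
	serverhttp.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {
			// The request is authorized only after the login page helper
			// returns true; otherwise the handler stops here.
			if !example.HandleLoginPage(ar, w, r) {
				return
			}
			ar.Authorized = true
			server.FinishAuthorizeRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Access token endpoint
	serverhttp.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAccessRequest(resp, r); ar != nil {
			// Every access request osin accepted is authorized without a
			// per-grant check; a real server decides per ar.Type.
			ar.Authorized = true
			server.FinishAccessRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Information endpoint
	serverhttp.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ir := server.HandleInfoRequest(resp, r); ir != nil {
			server.FinishInfoRequest(resp, r, ir)
		}
		osin.OutputJSON(resp, w, r)
	})

	// CLIENT

	// Home
	clienthttp.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		u := areq.GetAuthorizeUrl()

		fmt.Fprintf(w, "<a href=\"%s\">Login</a>", u.String())
	})

	// Auth endpoint
	clienthttp.HandleFunc("/appauth", func(w http.ResponseWriter, r *http.Request) {
		// parse a token request
		areqdata, err := areq.HandleRequest(r)
		if err != nil {
			fmt.Fprintf(w, "ERROR: %s\n", err)
			return
		}

		treq := client.NewAccessRequest(osincli.AUTHORIZATION_CODE, areqdata)

		// show access request url (for debugging only; the URL and the token
		// printed below are credentials and must not be shown to a browser
		// outside a demo)
		u2 := treq.GetTokenUrl()
		fmt.Fprintf(w, "Access token URL: %s\n", u2.String())

		// exchange the authorize token for the access token
		ad, err := treq.GetToken()
		if err != nil {
			fmt.Fprintf(w, "ERROR: %s\n", err)
			return
		}
		fmt.Fprintf(w, "Access token: %+v\n", ad)
	})

	// ListenAndServe only returns on failure (for example a port that is
	// already taken); stop loudly instead of exiting without a message.
	go func() {
		if err := http.ListenAndServe(":14001", clienthttp); err != nil {
			panic(err)
		}
	}()
	if err := http.ListenAndServe(":14000", serverhttp); err != nil {
		panic(err)
	}
}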
Esempio n. 5
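// main runs a single-process demo on :14000 that hosts both an osin
// authorization server (/authorize, /token, /info) and a small client
// application (/app, /appauth/code) exercising the authorization-code flow.
//
// Demo wiring only: client credentials are hard-coded, the state value is the
// constant "xyz" (so it gives no CSRF protection), and the listener address
// ":14000" binds every interface.
func main() {
	cfg := osin.NewServerConfig()
	// Both switches let credentials travel in the URL (GET token requests,
	// client_secret as a query parameter), where they end up in browser
	// history and access logs. The demo relies on them for its clickable
	// "Goto Token URL" link; keep them off outside a demo.
	cfg.AllowGetAccessRequest = true
	cfg.AllowClientSecretInParams = true

	server := osin.NewServer(cfg, example.NewTestStorage())

	// Authorization code endpoint
	http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {
			// Authorized only after the login page helper returns true.
			if !example.HandleLoginPage(ar, w, r) {
				return
			}
			ar.Authorized = true
			server.FinishAuthorizeRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Access token endpoint
	http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAccessRequest(resp, r); ar != nil {
			// Every access request osin accepted is authorized without a
			// per-grant check; a real server decides per ar.Type.
			ar.Authorized = true
			server.FinishAccessRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Information endpoint
	http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ir := server.HandleInfoRequest(resp, r); ir != nil {
			server.FinishInfoRequest(resp, r, ir)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Application home endpoint
	http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("<html><body>"))
		fmt.Fprintf(w, "<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Login</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code"))
		w.Write([]byte("</body></html>"))
	})

	// Application destination - CODE
	http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		code := r.Form.Get("code")

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - CODE<br/>"))
		defer w.Write([]byte("</body></html>"))

		if code == "" {
			w.Write([]byte("Nothing to do"))
			return
		}

		jr := make(map[string]interface{})

		// build access code url; the code is query-escaped because it comes
		// straight from the request. The URL embeds the client secret and is
		// rendered as a link below, which is acceptable for a demo only.
		aurl := fmt.Sprintf("/token?grant_type=authorization_code&client_id=1234&client_secret=aabbccdd&state=xyz&redirect_uri=%s&code=%s",
			url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code))

		// if parse, download and parse json
		if r.Form.Get("doparse") == "1" {
			err := example.DownloadAccessToken("http://localhost:14000"+aurl,
				&osin.BasicAuth{Username: "1234", Password: "aabbccdd"}, jr)
			if err != nil {
				w.Write([]byte(err.Error()))
				w.Write([]byte("<br/>"))
			}
		}

		// The values below are written into the HTML page without HTML
		// escaping; they originate from this process's own /token endpoint.

		// show json error
		if erd, ok := jr["error"]; ok {
			fmt.Fprintf(w, "ERROR: %s<br/>\n", erd)
		}

		// show json access token
		if at, ok := jr["access_token"]; ok {
			fmt.Fprintf(w, "ACCESS TOKEN: %s<br/>\n", at)
		}

		fmt.Fprintf(w, "FULL RESULT: %+v<br/>\n", jr)

		// output links
		fmt.Fprintf(w, "<a href=\"%s\">Goto Token URL</a><br/>", aurl)

		// Same URL as the current request plus doparse=1; re-encoding the
		// query keeps request-supplied values escaped inside the href.
		cururl := *r.URL
		curq := cururl.Query()
		curq.Add("doparse", "1")
		cururl.RawQuery = curq.Encode()
		fmt.Fprintf(w, "<a href=\"%s\">Download Token</a><br/>", cururl.String())
	})

	// ListenAndServe only returns on failure (for example a port that is
	// already taken); stop loudly instead of exiting without a message.
	if err := http.ListenAndServe(":14000", nil); err != nil {
		panic(err)
	}
}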
Esempio n. 6
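// main runs a single-process demo on :14000 that hosts an osin authorization
// server with every grant type enabled, plus a client application with one
// page per grant (/appauth/...) that calls back into the token endpoint.
//
// Demo wiring only: credentials are hard-coded, the state value is the
// constant "xyz" (so it gives no CSRF protection), token requests are allowed
// over GET so credentials travel in URLs, and ":14000" binds every interface.
func main() {
	sconfig := osin.NewServerConfig()
	sconfig.AllowedAuthorizeTypes = osin.AllowedAuthorizeType{osin.CODE, osin.TOKEN}
	sconfig.AllowedAccessTypes = osin.AllowedAccessType{osin.AUTHORIZATION_CODE,
		osin.REFRESH_TOKEN, osin.PASSWORD, osin.CLIENT_CREDENTIALS, osin.ASSERTION}
	// GET token requests put grant parameters (including the password grant's
	// username and password) into the query string; keep off outside a demo.
	sconfig.AllowGetAccessRequest = true
	server := osin.NewServer(sconfig, example.NewTestStorage())

	// selfURL is where the client pages reach this process's own endpoints.
	const selfURL = "http://localhost:14000"

	// fetch downloads path from this server into jr and prints any error
	// returned by the download helper.
	fetch := func(w http.ResponseWriter, path string, auth *osin.BasicAuth, jr map[string]interface{}) {
		if err := example.DownloadAccessToken(selfURL+path, auth, jr); err != nil {
			w.Write([]byte(err.Error()))
			w.Write([]byte("<br/>"))
		}
	}

	// showResult prints the error, the access token and the full decoded
	// response. Values are written without HTML escaping; they originate from
	// this process's own endpoints.
	showResult := func(w http.ResponseWriter, jr map[string]interface{}) {
		// show json error
		if erd, ok := jr["error"]; ok {
			fmt.Fprintf(w, "ERROR: %s<br/>\n", erd)
		}

		// show json access token
		if at, ok := jr["access_token"]; ok {
			fmt.Fprintf(w, "ACCESS TOKEN: %s<br/>\n", at)
		}

		fmt.Fprintf(w, "FULL RESULT: %+v<br/>\n", jr)
	}

	// refreshLink and infoLink print follow-up links when the response holds
	// the matching token. The token is query-escaped so that characters with
	// a meaning in URLs (such as '+', '/' or '=') reach the next page intact.
	refreshLink := func(w http.ResponseWriter, jr map[string]interface{}) {
		if rt, ok := jr["refresh_token"]; ok {
			rurl := "/appauth/refresh?code=" + url.QueryEscape(fmt.Sprint(rt))
			fmt.Fprintf(w, "<a href=\"%s\">Refresh Token</a><br/>", rurl)
		}
	}
	infoLink := func(w http.ResponseWriter, jr map[string]interface{}) {
		if at, ok := jr["access_token"]; ok {
			rurl := "/appauth/info?code=" + url.QueryEscape(fmt.Sprint(at))
			fmt.Fprintf(w, "<a href=\"%s\">Info</a><br/>", rurl)
		}
	}

	// Authorization code endpoint
	http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {
			// Authorized only after the login page helper returns true.
			if !example.HandleLoginPage(ar, w, r) {
				return
			}
			// NOTE(review): the login value appears masked in this listing.
			ar.UserData = struct{ Login string }{Login: "******"}
			ar.Authorized = true
			server.FinishAuthorizeRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		if !resp.IsError {
			resp.Output["custom_parameter"] = 187723
		}
		osin.OutputJSON(resp, w, r)
	})

	// Access token endpoint
	http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAccessRequest(resp, r); ar != nil {
			switch ar.Type {
			case osin.AUTHORIZATION_CODE, osin.REFRESH_TOKEN, osin.CLIENT_CREDENTIALS:
				// Accepted as soon as osin has validated the request.
				ar.Authorized = true
			case osin.PASSWORD:
				// Fixed demo credentials compared as plain strings; a real
				// server verifies against stored password hashes.
				if ar.Username == "test" && ar.Password == "test" {
					ar.Authorized = true
				}
			case osin.ASSERTION:
				// Fixed demo assertion; no signature or issuer is verified.
				if ar.AssertionType == "urn:osin.example.complete" && ar.Assertion == "osin.data" {
					ar.Authorized = true
				}
			}
			server.FinishAccessRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		if !resp.IsError {
			resp.Output["custom_parameter"] = 19923
		}
		osin.OutputJSON(resp, w, r)
	})

	// Information endpoint
	http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ir := server.HandleInfoRequest(resp, r); ir != nil {
			server.FinishInfoRequest(resp, r, ir)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Application home endpoint
	http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("<html><body>"))

		fmt.Fprintf(w, "<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Code</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code"))
		fmt.Fprintf(w, "<a href=\"/authorize?response_type=token&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Implict</a><br/>", url.QueryEscape("http://localhost:14000/appauth/token"))
		w.Write([]byte("<a href=\"/appauth/password\">Password</a><br/>"))
		w.Write([]byte("<a href=\"/appauth/client_credentials\">Client Credentials</a><br/>"))
		w.Write([]byte("<a href=\"/appauth/assertion\">Assertion</a><br/>"))

		w.Write([]byte("</body></html>"))
	})

	// Application destination - CODE
	http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		code := r.Form.Get("code")

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - CODE<br/>"))
		defer w.Write([]byte("</body></html>"))

		if code == "" {
			w.Write([]byte("Nothing to do"))
			return
		}

		jr := make(map[string]interface{})

		// build access code url; the code is query-escaped because it comes
		// straight from the request
		aurl := fmt.Sprintf("/token?grant_type=authorization_code&client_id=1234&state=xyz&redirect_uri=%s&code=%s",
			url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code))

		// if parse, download and parse json
		if r.Form.Get("doparse") == "1" {
			fetch(w, aurl, &osin.BasicAuth{Username: "1234", Password: "aabbccdd"}, jr)
		}

		showResult(w, jr)

		// output links
		fmt.Fprintf(w, "<a href=\"%s\">Goto Token URL</a><br/>", aurl)

		// Same URL as the current request plus doparse=1; re-encoding the
		// query keeps request-supplied values escaped inside the href.
		cururl := *r.URL
		curq := cururl.Query()
		curq.Add("doparse", "1")
		cururl.RawQuery = curq.Encode()
		fmt.Fprintf(w, "<a href=\"%s\">Download Token</a><br/>", cururl.String())

		refreshLink(w, jr)
		infoLink(w, jr)
	})

	// Application destination - TOKEN
	http.HandleFunc("/appauth/token", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - TOKEN<br/>"))

		w.Write([]byte("Response data in fragment - not acessible via server - Nothing to do"))

		w.Write([]byte("</body></html>"))
	})

	// NOTE(review): the BasicAuth values in the handlers below appear masked
	// ("******") in this listing; presumably they are the same client
	// id/secret pair used by /appauth/code — confirm before running.

	// Application destination - PASSWORD
	http.HandleFunc("/appauth/password", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - PASSWORD<br/>"))

		jr := make(map[string]interface{})

		// build access code url; user name and password travel in the query
		// string here, which is tolerable for fixed demo credentials only
		aurl := fmt.Sprintf("/token?grant_type=password&scope=everything&username=%s&password=%s",
			"test", "test")

		// download token
		fetch(w, aurl, &osin.BasicAuth{Username: "******", Password: "******"}, jr)

		showResult(w, jr)
		refreshLink(w, jr)
		infoLink(w, jr)

		w.Write([]byte("</body></html>"))
	})

	// Application destination - CLIENT_CREDENTIALS
	http.HandleFunc("/appauth/client_credentials", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - CLIENT CREDENTIALS<br/>"))

		jr := make(map[string]interface{})

		// build access code url
		aurl := "/token?grant_type=client_credentials"

		// download token
		fetch(w, aurl, &osin.BasicAuth{Username: "******", Password: "******"}, jr)

		showResult(w, jr)
		refreshLink(w, jr)
		infoLink(w, jr)

		w.Write([]byte("</body></html>"))
	})

	// Application destination - ASSERTION
	http.HandleFunc("/appauth/assertion", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - ASSERTION<br/>"))

		jr := make(map[string]interface{})

		// build access code url
		aurl := "/token?grant_type=assertion&assertion_type=urn:osin.example.complete&assertion=osin.data"

		// download token
		fetch(w, aurl, &osin.BasicAuth{Username: "******", Password: "******"}, jr)

		showResult(w, jr)
		refreshLink(w, jr)
		infoLink(w, jr)

		w.Write([]byte("</body></html>"))
	})

	// Application destination - REFRESH
	http.HandleFunc("/appauth/refresh", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - REFRESH<br/>"))
		defer w.Write([]byte("</body></html>"))

		code := r.Form.Get("code")

		if code == "" {
			w.Write([]byte("Nothing to do"))
			return
		}

		jr := make(map[string]interface{})

		// build access code url
		aurl := fmt.Sprintf("/token?grant_type=refresh_token&refresh_token=%s", url.QueryEscape(code))

		// download token
		fetch(w, aurl, &osin.BasicAuth{Username: "******", Password: "******"}, jr)

		showResult(w, jr)
		refreshLink(w, jr)
		infoLink(w, jr)
	})

	// Application destination - INFO
	http.HandleFunc("/appauth/info", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - INFO<br/>"))
		defer w.Write([]byte("</body></html>"))

		code := r.Form.Get("code")

		if code == "" {
			w.Write([]byte("Nothing to do"))
			return
		}

		jr := make(map[string]interface{})

		// build access code url
		aurl := fmt.Sprintf("/info?code=%s", url.QueryEscape(code))

		// download token
		fetch(w, aurl, &osin.BasicAuth{Username: "******", Password: "******"}, jr)

		showResult(w, jr)
		refreshLink(w, jr)
	})

	// ListenAndServe only returns on failure (for example a port that is
	// already taken); stop loudly instead of exiting without a message.
	if err := http.ListenAndServe(":14000", nil); err != nil {
		panic(err)
	}
}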
Esempio n. 7
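// main runs a single-process demo on :14000 that hosts an osin authorization
// server and a client application which uses the goauth2 client (oauth.Config
// and oauth.Transport) to run the authorization-code flow against it.
//
// Demo wiring only: the client id/secret pair is hard-coded, the authorization
// URL is built with an empty state value (so there is no CSRF protection on
// the callback), and ":14000" binds every interface.
func main() {
	config := osin.NewServerConfig()
	// goauth2 checks errors using status codes
	config.ErrorStatusCode = 401

	server := osin.NewServer(config, example.NewTestStorage())

	client := &oauth.Config{
		ClientId:     "1234",
		ClientSecret: "aabbccdd",
		RedirectURL:  "http://localhost:14000/appauth/code",
		AuthURL:      "http://localhost:14000/authorize",
		TokenURL:     "http://localhost:14000/token",
	}
	ctransport := &oauth.Transport{Config: client}

	// Authorization code endpoint
	http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {
			// Authorized only after the login page helper returns true.
			if !example.HandleLoginPage(ar, w, r) {
				return
			}
			ar.Authorized = true
			server.FinishAuthorizeRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Access token endpoint
	http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ar := server.HandleAccessRequest(resp, r); ar != nil {
			// Every access request osin accepted is authorized without a
			// per-grant check; a real server decides per ar.Type.
			ar.Authorized = true
			server.FinishAccessRequest(resp, r, ar)
		}
		if resp.IsError && resp.InternalError != nil {
			fmt.Printf("ERROR: %s\n", resp.InternalError)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Information endpoint
	http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) {
		resp := server.NewResponse()
		defer resp.Close()

		if ir := server.HandleInfoRequest(resp, r); ir != nil {
			server.FinishInfoRequest(resp, r, ir)
		}
		osin.OutputJSON(resp, w, r)
	})

	// Application home endpoint
	http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("<html><body>"))
		//w.Write([]byte(fmt.Sprintf("<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Login</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code"))))
		// The state argument is empty; a real client passes a per-session
		// random value here and checks it again on the callback.
		fmt.Fprintf(w, "<a href=\"%s\">Login</a><br/>", client.AuthCodeURL(""))
		w.Write([]byte("</body></html>"))
	})

	// Application destination - CODE
	http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()

		code := r.Form.Get("code")

		w.Write([]byte("<html><body>"))
		w.Write([]byte("APP AUTH - CODE<br/>"))
		defer w.Write([]byte("</body></html>"))

		if code == "" {
			w.Write([]byte("Nothing to do"))
			return
		}

		var jr *oauth.Token
		var err error

		// if parse, download and parse json
		if r.Form.Get("doparse") == "1" {
			jr, err = ctransport.Exchange(code)
			if err != nil {
				// Discard whatever Exchange returned alongside the error.
				jr = nil
				// The error text is written into the HTML page without
				// escaping; acceptable only while the token endpoint is
				// this same process.
				fmt.Fprintf(w, "ERROR: %s<br/>\n", err)
			}
		}

		// show json access token (tokens are credentials; displaying them is
		// for the demo only)
		if jr != nil {
			fmt.Fprintf(w, "ACCESS TOKEN: %s<br/>\n", jr.AccessToken)
			if jr.RefreshToken != "" {
				fmt.Fprintf(w, "REFRESH TOKEN: %s<br/>\n", jr.RefreshToken)
			}
		}

		fmt.Fprintf(w, "FULL RESULT: %+v<br/>\n", jr)

		// Same URL as the current request plus doparse=1; re-encoding the
		// query keeps request-supplied values escaped inside the href.
		cururl := *r.URL
		curq := cururl.Query()
		curq.Add("doparse", "1")
		cururl.RawQuery = curq.Encode()
		fmt.Fprintf(w, "<a href=\"%s\">Download Token</a><br/>", cururl.String())
	})

	// ListenAndServe only returns on failure (for example a port that is
	// already taken); stop loudly instead of exiting without a message.
	if err := http.ListenAndServe(":14000", nil); err != nil {
		panic(err)
	}
}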