func AccessTokenRequest(data utils.H) (utils.H, error) { var user models.User var client models.Client var code string var redirectURI string if data["code"] == nil || data["redirect_uri"] == nil || data["client"] == nil { return invalidRequestResult("") } redirectURI = data["redirect_uri"].(string) code = data["code"].(string) client = data["client"].(models.Client) authorizationSession := services.FindSessionByToken(code, models.GrantToken) defer services.InvalidateSession(authorizationSession) if authorizationSession.ID == 0 { return invalidGrantResult("") } user = authorizationSession.User user = services.FindUserByPublicId(user.PublicId) if authorizationSession.Client.ID != client.ID { return invalidGrantResult("") } if !strings.Contains(authorizationSession.Client.RedirectURI, redirectURI) { return invalidGrantResult("") } accessToken := services.CreateSession(user, client, authorizationSession.Ip, authorizationSession.UserAgent, authorizationSession.Scopes, models.AccessToken) refreshToken := services.CreateSession(user, client, authorizationSession.Ip, authorizationSession.UserAgent, authorizationSession.Scopes, models.RefreshToken) if accessToken.ID == 0 || refreshToken.ID == 0 { return serverErrorResult("") } return utils.H{ "user_id": user.PublicId, "access_token": accessToken.Token, "token_type": "Bearer", "expires_in": accessToken.ExpiresIn, "refresh_token": refreshToken.Token, "scope": authorizationSession.Scopes, }, nil }
func RefreshTokenRequest(data utils.H) (utils.H, error) { var user models.User var client models.Client var token string var scope string if data["refresh_token"] == nil || data["scope"] == nil || data["client"] == nil { return invalidRequestResult("") } token = data["refresh_token"].(string) scope = data["scope"].(string) client = data["client"].(models.Client) refreshSession := services.FindSessionByToken(token, models.RefreshToken) defer services.InvalidateSession(refreshSession) if refreshSession.ID == 0 { return invalidGrantResult("") } user = refreshSession.User user = services.FindUserByPublicId(user.PublicId) if refreshSession.Client.ID != client.ID { return invalidGrantResult("") } if scope != refreshSession.Scopes { return invalidScopeResult("") } accessToken := services.CreateSession(user, client, refreshSession.Ip, refreshSession.UserAgent, scope, models.AccessToken) refreshToken := services.CreateSession(user, client, refreshSession.Ip, refreshSession.UserAgent, scope, models.RefreshToken) if accessToken.ID == 0 || refreshToken.ID == 0 { return serverErrorResult("") } return utils.H{ "user_id": user.PublicId, "access_token": accessToken.Token, "token_type": "Bearer", "expires_in": accessToken.ExpiresIn, "refresh_token": refreshToken.Token, "scope": refreshSession.Scopes, }, nil }
func AuthorizationCodeGrant(data utils.H) (utils.H, error) { var redirectURI string var scope string var state string var ip string var userAgent string var user models.User var client models.Client if data["redirect_uri"] == nil || data["user"] == nil || data["client"] == nil { return invalidRequestResult(state) } if data["state"] != nil { state = data["state"].(string) } if data["ip"] != nil { ip = data["ip"].(string) } if data["userAgent"] != nil { userAgent = data["userAgent"].(string) } redirectURI = data["redirect_uri"].(string) client = data["client"].(models.Client) user = data["user"].(models.User) if data["scope"] != nil { scope = data["scope"].(string) } if !strings.Contains(client.RedirectURI, redirectURI) { return invalidRedirectURIResult(state) } /* * WARNING * It will grant access, but with a public-only scope */ if scope != "" && !strings.Contains(client.Scopes, scope) { scope = models.PublicScope } session := services.CreateSession(user, client, ip, userAgent, scope, models.GrantToken) if session.ID > 0 { return utils.H{ "code": session.Token, "state": state, "scope": scope, }, nil } else { return serverErrorResult(state) } }