func (s *Server) FinishInfoRequest(r *http.Request, ir *InfoRequest) objx.Map {
response := objx.Map{
"access_token": ir.AccessData.GetAccessToken(),
"token_type": s.Config.TokenType,
"expires_in": ir.AccessData.ExpiresAt().Sub(time.Now()) / time.Second,
}
if ir.AccessData.GetRefreshToken() != "" {
response.Set("refresh_token", ir.AccessData.GetRefreshToken())
}
if ir.AccessData.GetScope() != "" {
response.Set("scope", ir.AccessData.GetScope())
}
return response
}
func (s *Server) FinishAccessRequest(params objx.Map, ar *AccessRequest, target AccessData) (response objx.Map, httpErr *HttpError) {
if ar.Authorized {
target.SetClient(ar.Client)
target.SetAuthorizeData(ar.AuthorizeData)
target.SetAccessData(ar.AccessData)
target.SetRedirectUri(params.Get("redirect_uri").Str())
target.SetCreatedAt(time.Now())
target.SetExpiresIn(ar.Expiration)
accessToken, refreshToken, tokenErr := s.AccessTokenGen.GenerateAccessToken(ar.GenerateRefresh)
if tokenErr != nil {
return nil, tokenErr
}
target.SetAccessToken(accessToken)
target.SetRefreshToken(refreshToken)
if err := s.Storage.SaveAccess(target); err != nil {
if httpErr, ok := err.(*HttpError); ok {
return nil, httpErr
} else {
return nil, deferror.Get(err.Error())
}
}
if target.GetAuthorizeData() != nil {
s.Storage.RemoveAuthorize(target.GetAuthorizeData().GetCode())
}
if target.GetAccessData() != nil {
if target.GetAccessData().GetRefreshToken() != "" {
s.Storage.RemoveRefresh(target.GetAccessData().GetRefreshToken())
}
s.Storage.RemoveAccess(target.GetAccessData().GetAccessToken())
}
response := objx.Map{
"access_token": target.GetAccessToken(),
"token_type": s.Config.TokenType,
"expires_in": target.GetExpiresIn(),
}
if target.GetRefreshToken() != "" {
response.Set("refresh_token", target.GetRefreshToken())
}
if ar.Scope != "" {
response.Set("scope", ar.Scope)
}
return response, nil
}
return nil, deferror.Get(E_ACCESS_DENIED)
}
// CompleteAuth takes a map of arguments that are used to
// complete the authorisation process, completes it, and returns
// the appropriate common.Credentials.
//
// The data must contain an OAuth2KeyCode obtained from the auth
// server.
func CompleteAuth(tripperFactory common.TripperFactory, data objx.Map, config *common.Config, provider common.Provider) (*common.Credentials, error) {
// get the code
codeList := data.Get(OAuth2KeyCode).Data()
code, ok := codeList.(string)
if !ok {
if codeList == nil || len(codeList.([]string)) == 0 {
return nil, &common.MissingParameterError{ParameterName: OAuth2KeyCode}
}
code = codeList.([]string)[0]
if len(code) == 0 {
return nil, &common.MissingParameterError{ParameterName: OAuth2KeyCode}
}
}
client, clientErr := GetClient(tripperFactory, common.EmptyCredentials, provider)
if clientErr != nil {
return nil, clientErr
}
params := objx.MSI(OAuth2KeyGrantType, OAuth2GrantTypeAuthorizationCode,
OAuth2KeyRedirectUrl, config.Get(OAuth2KeyRedirectUrl).Str(),
OAuth2KeyScope, config.Get(OAuth2KeyScope).Str(),
OAuth2KeyCode, code,
OAuth2KeyClientID, config.Get(OAuth2KeyClientID).Str(),
OAuth2KeySecret, config.Get(OAuth2KeySecret).Str())
// post the form
response, requestErr := client.PostForm(config.Get(OAuth2KeyTokenURL).Str(), params.URLValues())
if requestErr != nil {
return nil, requestErr
}
// make sure we close the body
defer func() {
if response.Body != nil {
response.Body.Close()
}
}()
// make sure we have an OK response
if response.StatusCode != http.StatusOK {
return nil, &common.AuthServerError{
ErrorMessage: fmt.Sprintf("Server replied with %s.", response.Status),
Response: response,
}
}
content, _, mimeTypeErr := mime.ParseMediaType(response.Header.Get("Content-Type"))
if mimeTypeErr != nil {
return nil, mimeTypeErr
}
// prepare the credentials object
creds := &common.Credentials{Map: objx.MSI()}
body, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, err
}
switch content {
case "application/x-www-form-urlencoded", "text/plain":
vals, err := objx.FromURLQuery(string(body))
if err != nil {
return nil, err
}
// did an error occur?
if len(vals.Get("error").Str()) > 0 {
return nil, &common.AuthServerError{
ErrorMessage: vals.Get("error").Str(),
Response: response,
}
}
expiresIn, _ := time.ParseDuration(vals.Get(OAuth2KeyExpiresIn).Str() + "s")
creds.Set(OAuth2KeyAccessToken, vals.Get(OAuth2KeyAccessToken).Str())
creds.Set(OAuth2KeyRefreshToken, vals.Get(OAuth2KeyRefreshToken).Str())
creds.Set(OAuth2KeyExpiresIn, expiresIn)
default: // use JSON
var data objx.Map
jsonErr := json.Unmarshal(body, &data)
if jsonErr != nil {
return nil, jsonErr
}
// handle the time
timeDuration := data.Get(OAuth2KeyExpiresIn).Float64()
data.Set(OAuth2KeyExpiresIn, time.Duration(timeDuration)*time.Second)
// merge this data into the creds
creds.MergeHere(data)
}
return creds, nil
}
