Пример #1
0
func (c *CoreValidator) introspectAuthorizeCode(ctx context.Context, token string, accessRequest fosite.AccessRequester) error {
	sig := c.CoreStrategy.AuthorizeCodeSignature(token)
	if or, err := c.CoreStorage.GetAuthorizeCodeSession(ctx, sig, accessRequest.GetSession()); err != nil {
		return errors.Wrap(err, fosite.ErrRequestUnauthorized.Error())
	} else if err := c.CoreStrategy.ValidateAuthorizeCode(ctx, or, token); err != nil {
		return err
	} else {
		accessRequest.Merge(or)
	}

	return nil
}
Пример #2
0
func (c *CoreValidator) introspectAccessToken(ctx context.Context, token string, accessRequest fosite.AccessRequester, scopes []string) error {
	sig := c.CoreStrategy.AccessTokenSignature(token)
	or, err := c.CoreStorage.GetAccessTokenSession(ctx, sig, accessRequest.GetSession())
	if err != nil {
		return errors.Wrap(fosite.ErrRequestUnauthorized, err.Error())
	} else if err := c.CoreStrategy.ValidateAccessToken(ctx, or, token); err != nil {
		return err
	}

	for _, scope := range scopes {
		if scope == "" {
			continue
		}

		if !c.ScopeStrategy(or.GetGrantedScopes(), scope) {
			return errors.Wrap(fosite.ErrInvalidScope, "")
		}
	}

	accessRequest.Merge(or)
	return nil
}