func GenerateSecret(length int) ([]byte, error) {
secret, err := sequence.RuneSequence(length, secretCharSet)
if err != nil {
return []byte{}, err
}
return []byte(string(secret)), nil
}
func (s *StateData) FromAuthorizeRequest(ar *osin.AuthorizeRequest, provider string) error {
if seq, err := sequence.RuneSequence(25, sequence.AlphaNum); err != nil {
return err
} else {
s.ID = string(seq)
}
s.ClientID = ar.Client.GetId()
s.RedirectURL = ar.RedirectUri
s.Scope = ar.Scope
s.State = ar.State
s.Type = string(ar.Type)
s.Provider = provider
return nil
}
func (h *Handler) Create(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
var p payload
decoder := json.NewDecoder(req.Body)
if err := decoder.Decode(&p); err != nil {
HttpError(rw, err, http.StatusBadRequest)
return
}
if v, err := govalidator.ValidateStruct(p); !v {
if err != nil {
HttpError(rw, err, http.StatusBadRequest)
return
}
HttpError(rw, errors.New("Payload did not validate."), http.StatusBadRequest)
return
}
secret, err := sequence.RuneSequence(12, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"))
if err != nil {
HttpError(rw, err, http.StatusInternalServerError)
return
}
client := &osin.DefaultClient{
Id: uuid.New(),
Secret: string(secret),
RedirectUri: p.RedirectURIs,
UserData: "{}",
}
if err := h.s.CreateClient(client); err != nil {
WriteError(rw, err)
return
}
WriteCreatedJSON(rw, "/clients/"+client.Id, client)
}
func (g *HS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) {
if g.Length < 12 {
g.Length = 12
}
if id == "" {
id = "shared"
}
key, err := sequence.RuneSequence(g.Length, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.-;:_#+*!§$%&/()=?}][{<>"))
if err != nil {
return nil, errors.Errorf("Could not generate key because %s", err)
}
return &jose.JsonWebKeySet{
Keys: []jose.JsonWebKey{
{
Key: []byte(string(key)),
KeyID: id,
Certificates: []*x509.Certificate{},
},
},
}, nil
}
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var c fosite.DefaultClient
var ctx = herodot.NewContext()
if err := json.NewDecoder(r.Body).Decode(&c); err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
if _, err := h.W.HTTPActionAllowed(ctx, r, &ladon.Request{
Resource: ClientsResource,
Action: "create",
Context: ladon.Context{
"owner": c.Owner,
},
}, Scope); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
if len(c.Secret) < 6 {
secret, err := sequence.RuneSequence(12, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.,:;$%!&/()=?+*#<>"))
if err != nil {
h.H.WriteError(ctx, w, r, errors.New(err))
return
}
c.Secret = []byte(string(secret))
}
if err := h.Manager.CreateClient(&c); err != nil {
h.H.WriteError(ctx, w, r, err)
return
}
h.H.WriteCreated(ctx, w, r, ClientsHandlerPath+"/"+c.GetID(), &c)
}
func (c *Client) Create(ctx *cli.Context) error {
id := ctx.String("id")
if id == "" {
id = uuid.New()
}
secret := ctx.String("secret")
if secret == "" {
if seq, err := sequence.RuneSequence(10, sequence.AlphaNum); err != nil {
return fmt.Errorf("Could not create rune sequence because %s", err)
} else {
secret = string(seq)
}
}
client := &osin.DefaultClient{
Id: id,
Secret: secret,
RedirectUri: ctx.String("redirect-url"),
UserData: "",
}
c.Ctx.Start()
if err := c.Ctx.Osins.CreateClient(client); err != nil {
return fmt.Errorf("Could not create client because %s", err)
}
fmt.Printf(`Created client "%s" with secret "%s" and redirect url "%s".`+"\n", client.Id, client.Secret, client.RedirectUri)
if ctx.Bool("as-superuser") {
if err := c.Ctx.Policies.Create(superUserPolicy(client.Id)); err != nil {
return fmt.Errorf("Could not create policy for client because %s", err)
}
fmt.Printf(`Granted superuser privileges to client "%s".`+"\n", client.Id)
}
return nil
}
ctx = context.WithValue(context.Background(), oauth2.HTTPClient, &http.Client{Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}})
}
conf := oauth2.Config{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
Endpoint: oauth2.Endpoint{
TokenURL: pkg.JoinURLStrings(c.ClusterURL, "/oauth2/token"),
AuthURL: pkg.JoinURLStrings(c.ClusterURL, "/oauth2/auth"),
},
Scopes: []string{"core", "hydra"},
}
state, err := sequence.RuneSequence(24, []rune("abcdefghijklmnopqrstuvwxyz"))
pkg.Must(err, "Could not generate random state: %s", err)
nonce, err := sequence.RuneSequence(24, []rune("abcdefghijklmnopqrstuvwxyz"))
pkg.Must(err, "Could not generate random state: %s", err)
location := conf.AuthCodeURL(string(state)) + "&nonce=" + string(nonce)
if ok, _ := cmd.Flags().GetBool("no-open"); !ok {
webbrowser.Open(location)
}
fmt.Printf("If your browser does not open automatically, navigate to: %s\n", location)
fmt.Println("Setting up callback listener on http://localhost:4445/callback")
fmt.Println("Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.")