func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request) { resp := h.server.NewResponse() r.ParseForm() defer resp.Close() if ar := h.server.HandleAccessRequest(resp, r); ar != nil { switch ar.Type { case osin.AUTHORIZATION_CODE: data, ok := ar.UserData.(string) if !ok { http.Error(w, fmt.Sprintf("Could not assert UserData to string: %v", ar.UserData), http.StatusInternalServerError) return } var claims jwt.ClaimsCarrier if err := json.Unmarshal([]byte(data), &claims); err != nil { http.Error(w, fmt.Sprintf("Could not unmarshal UserData: %v", ar.UserData), http.StatusInternalServerError) return } ar.UserData = jwt.NewClaimsCarrier(uuid.New(), claims.GetSubject(), h.Issuer, h.Audience, time.Now(), time.Now()) ar.Authorized = true case osin.REFRESH_TOKEN: data, ok := ar.UserData.(map[string]interface{}) if !ok { http.Error(w, fmt.Sprintf("Could not assert UserData type: %v", ar.UserData), http.StatusInternalServerError) return } claims := jwt.ClaimsCarrier(data) ar.UserData = jwt.NewClaimsCarrier(uuid.New(), claims.GetSubject(), h.Issuer, h.Audience, time.Now(), time.Now()) ar.Authorized = true case osin.PASSWORD: // TODO if !ar.Client.isAllowedToAuthenticateUser // TODO ... return // TODO } if user, err := h.authenticate(w, r, ar.Username, ar.Password); err == nil { ar.UserData = jwt.NewClaimsCarrier(uuid.New(), user.GetID(), h.Issuer, h.Audience, time.Now(), time.Now()) ar.Authorized = true } case osin.CLIENT_CREDENTIALS: ar.UserData = jwt.NewClaimsCarrier(uuid.New(), ar.Client.GetId(), h.Issuer, h.Audience, time.Now(), time.Now()) ar.Authorized = true // TODO ASSERTION workflow http://leastprivilege.com/2013/12/23/advanced-oauth2-assertion-flow-why/ // TODO Since assertions are only a draft for now and there is no need for SAML or similar this is postponed. //case osin.ASSERTION: // if ar.AssertionType == "urn:hydra" && ar.Assertion == "osin.data" { // ar.Authorized = true // } } h.server.FinishAccessRequest(resp, r, ar) } if resp.IsError { resp.StatusCode = http.StatusUnauthorized } osin.OutputJSON(resp, w, r) }
func (h *Handler) InfoHandler(w http.ResponseWriter, r *http.Request) { resp := h.server.NewResponse() defer resp.Close() if ir := h.server.HandleInfoRequest(resp, r); ir != nil { h.server.FinishInfoRequest(resp, r, ir) } osin.OutputJSON(resp, w, r) }
func (h *Handler) AuthorizeHandler(w http.ResponseWriter, r *http.Request) { resp := h.server.NewResponse() defer resp.Close() if ar := h.server.HandleAuthorizeRequest(resp, r); ar != nil { // For now, a provider must be given. // TODO there should be a fallback provider which is a redirect to the login endpoint. This should be configurable by env var. // Let's see if this is a valid provider. If not, return an error. provider, err := h.Providers.Find(r.URL.Query().Get("provider")) if err != nil { http.Error(w, fmt.Sprintf(`Provider "%s" not known.`, err), http.StatusBadRequest) return } // This could be made configurable with `connection.GetCodeKeyName()` code := r.URL.Query().Get("access_code") if code == "" { // If no code was given we have to initiate the provider's authorization workflow url := provider.GetAuthCodeURL(ar) http.Redirect(w, r, url, http.StatusFound) return } // Create a session by exchanging the code for the auth code connection, err := provider.Exchange(code) if err != nil { http.Error(w, fmt.Sprintf("Could not exchange access code: %s", err), http.StatusUnauthorized) return } subject := connection.GetRemoteSubject() user, err := h.Connections.FindByRemoteSubject(provider.GetID(), subject) if err == account.ErrNotFound { // The subject is not linked to any account. http.Error(w, "Provided token is not linked to any existing account.", http.StatusUnauthorized) return } else if err != nil { // Something else went wrong http.Error(w, fmt.Sprintf("Could assert subject claim: %s", err), http.StatusInternalServerError) return } ar.UserData = jwt.NewClaimsCarrier(uuid.New(), user.GetLocalSubject(), h.Issuer, h.Audience, time.Now(), time.Now()) ar.Authorized = true h.server.FinishAuthorizeRequest(resp, r, ar) } if resp.IsError { resp.StatusCode = http.StatusUnauthorized } osin.OutputJSON(resp, w, r) }
func main() { // create http muxes serverhttp := http.NewServeMux() clienthttp := http.NewServeMux() // create server config := osin.NewServerConfig() sstorage := example.NewTestStorage() sstorage.SetClient("1234", &osin.DefaultClient{ Id: "1234", Secret: "aabbccdd", RedirectUri: "http://localhost:14001/appauth", }) server := osin.NewServer(config, sstorage) // create client cliconfig := &osincli.ClientConfig{ ClientId: "1234", ClientSecret: "aabbccdd", AuthorizeUrl: "http://localhost:14000/authorize", TokenUrl: "http://localhost:14000/token", RedirectUrl: "http://localhost:14001/appauth", } client, err := osincli.NewClient(cliconfig) if err != nil { panic(err) } // create a new request to generate the url areq := client.NewAuthorizeRequest(osincli.CODE) // SERVER // Authorization code endpoint serverhttp.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAuthorizeRequest(resp, r); ar != nil { if !example.HandleLoginPage(ar, w, r) { return } ar.Authorized = true server.FinishAuthorizeRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Access token endpoint serverhttp.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAccessRequest(resp, r); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Information endpoint serverhttp.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ir := server.HandleInfoRequest(resp, r); ir != nil { server.FinishInfoRequest(resp, r, ir) } osin.OutputJSON(resp, w, r) }) // CLIENT // Home clienthttp.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { u := areq.GetAuthorizeUrl() w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Login</a>", u.String()))) }) // Auth endpoint clienthttp.HandleFunc("/appauth", func(w http.ResponseWriter, r *http.Request) { // parse a token request areqdata, err := areq.HandleRequest(r) if err != nil { w.Write([]byte(fmt.Sprintf("ERROR: %s\n", err))) return } treq := client.NewAccessRequest(osincli.AUTHORIZATION_CODE, areqdata) // show access request url (for debugging only) u2 := treq.GetTokenUrl() w.Write([]byte(fmt.Sprintf("Access token URL: %s\n", u2.String()))) // exchange the authorize token for the access token ad, err := treq.GetToken() if err != nil { w.Write([]byte(fmt.Sprintf("ERROR: %s\n", err))) return } w.Write([]byte(fmt.Sprintf("Access token: %+v\n", ad))) }) go http.ListenAndServe(":14001", clienthttp) http.ListenAndServe(":14000", serverhttp) }
func main() { cfg := osin.NewServerConfig() cfg.AllowGetAccessRequest = true cfg.AllowClientSecretInParams = true server := osin.NewServer(cfg, example.NewTestStorage()) // Authorization code endpoint http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAuthorizeRequest(resp, r); ar != nil { if !example.HandleLoginPage(ar, w, r) { return } ar.Authorized = true server.FinishAuthorizeRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Access token endpoint http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAccessRequest(resp, r); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Information endpoint http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ir := server.HandleInfoRequest(resp, r); ir != nil { server.FinishInfoRequest(resp, r, ir) } osin.OutputJSON(resp, w, r) }) // Application home endpoint http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("<html><body>")) w.Write([]byte(fmt.Sprintf("<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Login</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code")))) w.Write([]byte("</body></html>")) }) // Application destination - CODE http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() code := r.Form.Get("code") w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - CODE<br/>")) defer w.Write([]byte("</body></html>")) if code == "" { w.Write([]byte("Nothing to do")) return } jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=authorization_code&client_id=1234&client_secret=aabbccdd&state=xyz&redirect_uri=%s&code=%s", url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code)) // if parse, download and parse json if r.Form.Get("doparse") == "1" { err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{"1234", "aabbccdd"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) // output links w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Goto Token URL</a><br/>", aurl))) cururl := *r.URL curq := cururl.Query() curq.Add("doparse", "1") cururl.RawQuery = curq.Encode() w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Download Token</a><br/>", cururl.String()))) }) http.ListenAndServe(":14000", nil) }
func main() { sconfig := osin.NewServerConfig() sconfig.AllowedAuthorizeTypes = osin.AllowedAuthorizeType{osin.CODE, osin.TOKEN} sconfig.AllowedAccessTypes = osin.AllowedAccessType{osin.AUTHORIZATION_CODE, osin.REFRESH_TOKEN, osin.PASSWORD, osin.CLIENT_CREDENTIALS, osin.ASSERTION} sconfig.AllowGetAccessRequest = true server := osin.NewServer(sconfig, example.NewTestStorage()) // Authorization code endpoint http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAuthorizeRequest(resp, r); ar != nil { if !example.HandleLoginPage(ar, w, r) { return } ar.UserData = struct{ Login string }{Login: "******"} ar.Authorized = true server.FinishAuthorizeRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } if !resp.IsError { resp.Output["custom_parameter"] = 187723 } osin.OutputJSON(resp, w, r) }) // Access token endpoint http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAccessRequest(resp, r); ar != nil { switch ar.Type { case osin.AUTHORIZATION_CODE: ar.Authorized = true case osin.REFRESH_TOKEN: ar.Authorized = true case osin.PASSWORD: if ar.Username == "test" && ar.Password == "test" { ar.Authorized = true } case osin.CLIENT_CREDENTIALS: ar.Authorized = true case osin.ASSERTION: if ar.AssertionType == "urn:osin.example.complete" && ar.Assertion == "osin.data" { ar.Authorized = true } } server.FinishAccessRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } if !resp.IsError { resp.Output["custom_parameter"] = 19923 } osin.OutputJSON(resp, w, r) }) // Information endpoint http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ir := server.HandleInfoRequest(resp, r); ir != nil { server.FinishInfoRequest(resp, r, ir) } osin.OutputJSON(resp, w, r) }) // Application home endpoint http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("<html><body>")) w.Write([]byte(fmt.Sprintf("<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Code</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code")))) w.Write([]byte(fmt.Sprintf("<a href=\"/authorize?response_type=token&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Implict</a><br/>", url.QueryEscape("http://localhost:14000/appauth/token")))) w.Write([]byte(fmt.Sprintf("<a href=\"/appauth/password\">Password</a><br/>"))) w.Write([]byte(fmt.Sprintf("<a href=\"/appauth/client_credentials\">Client Credentials</a><br/>"))) w.Write([]byte(fmt.Sprintf("<a href=\"/appauth/assertion\">Assertion</a><br/>"))) w.Write([]byte("</body></html>")) }) // Application destination - CODE http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() code := r.Form.Get("code") w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - CODE<br/>")) defer w.Write([]byte("</body></html>")) if code == "" { w.Write([]byte("Nothing to do")) return } jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=authorization_code&client_id=1234&state=xyz&redirect_uri=%s&code=%s", url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code)) // if parse, download and parse json if r.Form.Get("doparse") == "1" { err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{"1234", "aabbccdd"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) // output links w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Goto Token URL</a><br/>", aurl))) cururl := *r.URL curq := cururl.Query() curq.Add("doparse", "1") cururl.RawQuery = curq.Encode() w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Download Token</a><br/>", cururl.String()))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } if at, ok := jr["access_token"]; ok { rurl := fmt.Sprintf("/appauth/info?code=%s", at) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Info</a><br/>", rurl))) } }) // Application destination - TOKEN http.HandleFunc("/appauth/token", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - TOKEN<br/>")) w.Write([]byte("Response data in fragment - not acessible via server - Nothing to do")) w.Write([]byte("</body></html>")) }) // Application destination - PASSWORD http.HandleFunc("/appauth/password", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - PASSWORD<br/>")) jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=password&scope=everything&username=%s&password=%s", "test", "test") // download token err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{Username: "******", Password: "******"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } if at, ok := jr["access_token"]; ok { rurl := fmt.Sprintf("/appauth/info?code=%s", at) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Info</a><br/>", rurl))) } w.Write([]byte("</body></html>")) }) // Application destination - CLIENT_CREDENTIALS http.HandleFunc("/appauth/client_credentials", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - CLIENT CREDENTIALS<br/>")) jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=client_credentials") // download token err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{Username: "******", Password: "******"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } if at, ok := jr["access_token"]; ok { rurl := fmt.Sprintf("/appauth/info?code=%s", at) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Info</a><br/>", rurl))) } w.Write([]byte("</body></html>")) }) // Application destination - ASSERTION http.HandleFunc("/appauth/assertion", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - ASSERTION<br/>")) jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=assertion&assertion_type=urn:osin.example.complete&assertion=osin.data") // download token err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{Username: "******", Password: "******"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } if at, ok := jr["access_token"]; ok { rurl := fmt.Sprintf("/appauth/info?code=%s", at) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Info</a><br/>", rurl))) } w.Write([]byte("</body></html>")) }) // Application destination - REFRESH http.HandleFunc("/appauth/refresh", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - REFRESH<br/>")) defer w.Write([]byte("</body></html>")) code := r.Form.Get("code") if code == "" { w.Write([]byte("Nothing to do")) return } jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/token?grant_type=refresh_token&refresh_token=%s", url.QueryEscape(code)) // download token err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{Username: "******", Password: "******"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } if at, ok := jr["access_token"]; ok { rurl := fmt.Sprintf("/appauth/info?code=%s", at) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Info</a><br/>", rurl))) } }) // Application destination - INFO http.HandleFunc("/appauth/info", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - INFO<br/>")) defer w.Write([]byte("</body></html>")) code := r.Form.Get("code") if code == "" { w.Write([]byte("Nothing to do")) return } jr := make(map[string]interface{}) // build access code url aurl := fmt.Sprintf("/info?code=%s", url.QueryEscape(code)) // download token err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{Username: "******", Password: "******"}, jr) if err != nil { w.Write([]byte(err.Error())) w.Write([]byte("<br/>")) } // show json error if erd, ok := jr["error"]; ok { w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", erd))) } // show json access token if at, ok := jr["access_token"]; ok { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", at))) } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) if rt, ok := jr["refresh_token"]; ok { rurl := fmt.Sprintf("/appauth/refresh?code=%s", rt) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Refresh Token</a><br/>", rurl))) } }) http.ListenAndServe(":14000", nil) }
func main() { config := osin.NewServerConfig() // goauth2 checks errors using status codes config.ErrorStatusCode = 401 server := osin.NewServer(config, example.NewTestStorage()) client := &oauth.Config{ ClientId: "1234", ClientSecret: "aabbccdd", RedirectURL: "http://localhost:14000/appauth/code", AuthURL: "http://localhost:14000/authorize", TokenURL: "http://localhost:14000/token", } ctransport := &oauth.Transport{Config: client} // Authorization code endpoint http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAuthorizeRequest(resp, r); ar != nil { if !example.HandleLoginPage(ar, w, r) { return } ar.Authorized = true server.FinishAuthorizeRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Access token endpoint http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ar := server.HandleAccessRequest(resp, r); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, r, ar) } if resp.IsError && resp.InternalError != nil { fmt.Printf("ERROR: %s\n", resp.InternalError) } osin.OutputJSON(resp, w, r) }) // Information endpoint http.HandleFunc("/info", func(w http.ResponseWriter, r *http.Request) { resp := server.NewResponse() defer resp.Close() if ir := server.HandleInfoRequest(resp, r); ir != nil { server.FinishInfoRequest(resp, r, ir) } osin.OutputJSON(resp, w, r) }) // Application home endpoint http.HandleFunc("/app", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("<html><body>")) //w.Write([]byte(fmt.Sprintf("<a href=\"/authorize?response_type=code&client_id=1234&state=xyz&scope=everything&redirect_uri=%s\">Login</a><br/>", url.QueryEscape("http://localhost:14000/appauth/code")))) w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Login</a><br/>", client.AuthCodeURL("")))) w.Write([]byte("</body></html>")) }) // Application destination - CODE http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() code := r.Form.Get("code") w.Write([]byte("<html><body>")) w.Write([]byte("APP AUTH - CODE<br/>")) defer w.Write([]byte("</body></html>")) if code == "" { w.Write([]byte("Nothing to do")) return } var jr *oauth.Token var err error // if parse, download and parse json if r.Form.Get("doparse") == "1" { jr, err = ctransport.Exchange(code) if err != nil { jr = nil w.Write([]byte(fmt.Sprintf("ERROR: %s<br/>\n", err))) } } // show json access token if jr != nil { w.Write([]byte(fmt.Sprintf("ACCESS TOKEN: %s<br/>\n", jr.AccessToken))) if jr.RefreshToken != "" { w.Write([]byte(fmt.Sprintf("REFRESH TOKEN: %s<br/>\n", jr.RefreshToken))) } } w.Write([]byte(fmt.Sprintf("FULL RESULT: %+v<br/>\n", jr))) cururl := *r.URL curq := cururl.Query() curq.Add("doparse", "1") cururl.RawQuery = curq.Encode() w.Write([]byte(fmt.Sprintf("<a href=\"%s\">Download Token</a><br/>", cururl.String()))) }) http.ListenAndServe(":14000", nil) }