fixed authorization request
LyricTian committed Nov 8, 2016
1 parent 782b7a7 commit 079ab11
Showing 5 changed files with 26 additions and 14 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -57,6 +57,7 @@ func main() {

srv := server.NewDefaultServer(manager)
srv.SetAllowGetAccessRequest(true)
srv.SetClientInfoHandler(server.ClientFormHandler)

srv.SetInternalErrorHandler(func(err error) {
log.Println("OAuth2 Error:", err.Error())
@@ -75,6 +76,7 @@ func main() {

http.ListenAndServe(":9096", nil)
}

```

### Build and run
16 changes: 12 additions & 4 deletions example/client/client.go
@@ -5,11 +5,13 @@ import (
"log"
"net/http"
"net/url"
"strings"
)

const (
redirectURI = "http://localhost:9094/oauth2"
serverURI = "http://localhost:9096"
clientID = "222222"
)

func main() {
@@ -20,7 +22,7 @@ func main() {
}
q := u.Query()
q.Add("response_type", "code")
q.Add("client_id", "222222")
q.Add("client_id", clientID)
q.Add("scope", "all")
q.Add("state", "xyz")
q.Add("redirect_uri", url.QueryEscape(redirectURI))
@@ -44,9 +46,15 @@ func main() {
uv.Add("code", code)
uv.Add("redirect_uri", redirectURI)
uv.Add("grant_type", "authorization_code")
uv.Add("client_id", "222222")
uv.Add("client_secret", "22222222")
resp, err := http.PostForm(serverURI+"/token", uv)
uv.Add("client_id", clientID)
req, err := http.NewRequest(http.MethodPost, serverURI+"/token", strings.NewReader(uv.Encode()))
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.SetBasicAuth(clientID, "22222222")
resp, err := http.DefaultClient.Do(req)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
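Review bot: The client secret is still an inline literal in `req.SetBasicAuth(clientID, "22222222")` although the id was hoisted into the `clientID` constant; declare `clientSecret = "22222222"` beside it with a comment such as `// example credentials only; load real secrets from configuration, never from source`. Because `serverURI` is plain `http://`, the Basic header carries the secret base64-encoded but unencrypted, which is acceptable only for this localhost example and deserves a one-line comment saying so. `http.DefaultClient` has no timeout, so a stalled token endpoint would hang the callback handler; a client built as `&http.Client{Timeout: 10 * time.Second}` avoids that. The enclosing handler starts and ends outside the hunk.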
5 changes: 4 additions & 1 deletion server/server.go
@@ -26,7 +26,7 @@ func NewServer(cfg *Config, manager oauth2.Manager) *Server {
Manager: manager,
}
// default handler
srv.ClientInfoHandler = ClientFormHandler
srv.ClientInfoHandler = ClientBasicHandler
srv.UserAuthorizationHandler = func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
err = errors.ErrAccessDenied
return
@@ -292,6 +292,9 @@ func (s *Server) ValidationTokenRequest(r *http.Request) (gt oauth2.GrantType, t
if tgr.RedirectURI == "" ||
tgr.Code == "" {
err = errors.ErrInvalidRequest
return
} else if cid := r.FormValue("client_id"); cid == "" || cid != clientID {
err = errors.ErrInvalidClient
}
case oauth2.PasswordCredentials:
tgr.Scope = r.FormValue("scope")
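Review bot: In the authorization-code case of ValidationTokenRequest the new `else if` branch assigns `err = errors.ErrInvalidClient` without returning, although the `ErrInvalidRequest` branch directly above it gained a `return` in this same commit; execution leaves the switch with `err` set and relies on code outside this hunk to stop before the request is used. Add `return` after the assignment so both rejections exit the same way. The condition also rejects a body with no `client_id` even when the client has authenticated through the Authorization header, which RFC 6749 section 4.1.3 allows; if that strictness is intended, state it in a comment such as `// client_id in the body must match the authenticated client`. The first hunk switches the default `ClientInfoHandler` to `ClientBasicHandler`, which changes behaviour for callers that post credentials in the form and is worth a sentence in the `// default handler` comment.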
4 changes: 3 additions & 1 deletion server/server_config.go
@@ -1,6 +1,8 @@
package server

import oauth2 "gopkg.in/oauth2.v3"
import (
"gopkg.in/oauth2.v3"
)

// SetTokenType token type
func (s *Server) SetTokenType(tokenType string) {
13 changes: 5 additions & 8 deletions server/server_test.go
@@ -73,7 +73,7 @@ func TestAuthorizeCode(t *testing.T) {
WithFormField("code", code).
WithFormField("grant_type", "authorization_code").
WithFormField("client_id", clientID).
WithFormField("client_secret", clientSecret).
WithBasicAuth(clientID, clientSecret).
Expect().
Status(http.StatusOK).
JSON().Raw()
@@ -145,11 +145,10 @@ func TestPasswordCredentials(t *testing.T) {

val := e.POST("/token").
WithFormField("grant_type", "password").
WithFormField("client_id", clientID).
WithFormField("client_secret", clientSecret).
WithFormField("username", "admin").
WithFormField("password", "123456").
WithFormField("scope", "all").
WithBasicAuth(clientID, clientSecret).
Expect().
Status(http.StatusOK).
JSON().Raw()
@@ -169,9 +168,8 @@ func TestClientCredentials(t *testing.T) {

val := e.POST("/token").
WithFormField("grant_type", "client_credentials").
WithFormField("client_id", clientID).
WithFormField("client_secret", clientSecret).
WithFormField("scope", "all").
WithBasicAuth(clientID, clientSecret).
Expect().
Status(http.StatusOK).
JSON().Raw()
@@ -200,7 +198,7 @@ func TestRefreshing(t *testing.T) {
WithFormField("code", code).
WithFormField("grant_type", "authorization_code").
WithFormField("client_id", clientID).
WithFormField("client_secret", clientSecret).
WithBasicAuth(clientID, clientSecret).
Expect().
Status(http.StatusOK).
JSON()
@@ -210,10 +208,9 @@ func TestRefreshing(t *testing.T) {
refresh := jval.Object().Value("refresh_token").String().Raw()
rval := e.POST("/token").
WithFormField("grant_type", "refresh_token").
WithFormField("client_id", clientID).
WithFormField("client_secret", clientSecret).
WithFormField("scope", "one").
WithFormField("refresh_token", refresh).
WithBasicAuth(clientID, clientSecret).
Expect().
Status(http.StatusOK).
JSON().Raw()
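Review bot: Every updated case in this file is a success path, so nothing covers the two behaviours the commit introduces in server.go: the body `client_id` must match the authenticated client, and the default handler no longer reads credentials from the form. Add an authorization-code case that sends `WithFormField("client_id", "other")` (a constructed value) together with `WithBasicAuth(clientID, clientSecret)` and expects a non-200 status, and one that sends the credentials only as form fields against the default handler and expects rejection. Without them, a regression that stops comparing the body `client_id` with the authenticated client would still pass the suite. The test functions start and end outside the hunks.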