diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..74aa1f6
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,2 @@
+[*.go]
+end_of_line = crlf
\ No newline at end of file
diff --git a/manage/manager.go b/manage/manager.go
index b8fb01e..c7346c0 100755
--- a/manage/manager.go
+++ b/manage/manager.go
@@ -214,7 +214,7 @@ func (m *Manager) GenerateAuthToken(ctx context.Context, rt oauth2.ResponseType,
 }
 return ti, nil
 }
-
+
 // get authorization code data
 func (m *Manager) getAuthorizationCode(ctx context.Context, code string) (oauth2.TokenInfo, error) {
 ti, err := m.tokenStore.GetByCode(ctx, code)
diff --git a/server/handler.go b/server/handler.go
index e0d5d32..a9202f8 100755
--- a/server/handler.go
+++ b/server/handler.go
@@ -16,7 +16,7 @@ type (
 ClientAuthorizedHandler func(clientID string, grant oauth2.GrantType) (allowed bool, err error)
 
 // ClientScopeHandler check the client allows to use scope
-ClientScopeHandler func(clientID, scope string) (allowed bool, err error)
+ClientScopeHandler func(tgr *oauth2.TokenGenerateRequest) (allowed bool, err error)
 
 // UserAuthorizationHandler get user id from request authorization
 UserAuthorizationHandler func(w http.ResponseWriter, r *http.Request) (userID string, err error)
@@ -25,7 +25,7 @@ type (
 PasswordAuthorizationHandler func(username, password string) (userID string, err error)
 
 // RefreshingScopeHandler check the scope of the refreshing token
-RefreshingScopeHandler func(newScope, oldScope string) (allowed bool, err error)
+RefreshingScopeHandler func(tgr *oauth2.TokenGenerateRequest, oldScope string) (allowed bool, err error)
 
 // ResponseErrorHandler response error handing
 ResponseErrorHandler func(re *errors.Response)
diff --git a/server/server.go b/server/server.go
index ca1cd94..5a05ca7 100755
--- a/server/server.go
+++ b/server/server.go
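Review bot: `end_of_line = crlf` for `*.go` works against gofmt, which writes files back with LF line endings, so an editor honouring this setting and the formatter will keep rewriting each other's line endings. The otherwise content-free `-`/`+` blank-line pair in the manage/manager.go hunk looks like that kind of churn already, though the collapsed diff does not show the bytes, so treat that as an inference. Unless the repository deliberately keeps CRLF Go sources, `end_of_line = lf` is the value that matches the toolchain; the new file also lacks a trailing newline.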
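Review bot: The doc comments on `ClientScopeHandler` and on `RefreshingScopeHandler` in the following hunk were not updated for the new parameter, and a caller implementing them now needs to know which fields of `*oauth2.TokenGenerateRequest` carry the decision inputs and that the pointer is the very request server.go later hands to `GenerateAuthToken`/`GenerateAccessToken`, so anything the handler writes to it is used for token generation. Suggested wording: `// ClientScopeHandler reports whether the client tgr.ClientID may be granted tgr.Scope; tgr is the request later passed to the token generator, so modifications to it take effect.` and `// RefreshingScopeHandler reports whether the refresh request tgr (tgr.Scope is the newly requested scope) is acceptable given oldScope, the scope loaded from the existing refresh token.` Both are signature changes on exported handler types, so every existing assignment stops compiling; that deserves a line in the commit message. The enclosing `type (` block starts and ends outside both hunks.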
@@ -182,9 +182,18 @@ func (s *Server) GetAuthorizeToken(ctx context.Context, req *AuthorizeRequest) (
 }
 }
 
+tgr := &oauth2.TokenGenerateRequest{
+ClientID: req.ClientID,
+UserID: req.UserID,
+RedirectURI: req.RedirectURI,
+Scope: req.Scope,
+AccessTokenExp: req.AccessTokenExp,
+Request: req.Request,
+}
+
 // check the client allows the authorized scope
 if fn := s.ClientScopeHandler; fn != nil {
-allowed, err := fn(req.ClientID, req.Scope)
+allowed, err := fn(tgr)
 if err != nil {
 return nil, err
 } else if !allowed {
@@ -192,14 +201,6 @@ func (s *Server) GetAuthorizeToken(ctx context.Context, req *AuthorizeRequest) (
 }
 }
 
-tgr := &oauth2.TokenGenerateRequest{
-ClientID: req.ClientID,
-UserID: req.UserID,
-RedirectURI: req.RedirectURI,
-Scope: req.Scope,
-AccessTokenExp: req.AccessTokenExp,
-Request: req.Request,
-}
 return s.Manager.GenerateAuthToken(ctx, req.ResponseType, tgr)
 }
 
@@ -365,7 +366,7 @@ func (s *Server) GetAccessToken(ctx context.Context, gt oauth2.GrantType, tgr *o
 return ti, nil
 case oauth2.PasswordCredentials, oauth2.ClientCredentials:
 if fn := s.ClientScopeHandler; fn != nil {
-allowed, err := fn(tgr.ClientID, tgr.Scope)
+allowed, err := fn(tgr)
 if err != nil {
 return nil, err
 } else if !allowed {
@@ -375,7 +376,7 @@ func (s *Server) GetAccessToken(ctx context.Context, gt oauth2.GrantType, tgr *o
 return s.Manager.GenerateAccessToken(ctx, gt, tgr)
 case oauth2.Refreshing:
 // check scope
-if scope, scopeFn := tgr.Scope, s.RefreshingScopeHandler; scope != "" && scopeFn != nil {
+if scopeFn := s.RefreshingScopeHandler; tgr.Scope != "" && scopeFn != nil {
 rti, err := s.Manager.LoadRefreshToken(ctx, tgr.Refresh)
 if err != nil {
 if err == errors.ErrInvalidRefreshToken || err == errors.ErrExpiredRefreshToken {
@@ -384,7 +385,7 @@ func (s *Server) GetAccessToken(ctx context.Context, gt oauth2.GrantType, tgr *o
 return nil, err
 }
 
-allowed, err := scopeFn(scope, rti.GetScope())
+allowed, err := scopeFn(tgr, rti.GetScope())
 if err != nil {
 return nil, err
 } else if !allowed {