From 62375779e9ae8f11b224346819f87bc4ab7a6b05 Mon Sep 17 00:00:00 2001 From: Leonardo Rossi Date: Tue, 11 Oct 2016 14:47:21 +0200 Subject: [PATCH] oauth2: connection of auth code with access token * On access token creation, the relation with the auth code is saved. (addresses #66) Signed-off-by: Leonardo Rossi --- src/oauth2.erl | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/oauth2.erl b/src/oauth2.erl index 4f4855b..100de6a 100644 --- a/src/oauth2.erl +++ b/src/oauth2.erl @@ -58,6 +58,7 @@ %% Opaque authentication record -record(a, { client = undefined :: undefined | term() , resowner = undefined :: undefined | term() + , code = undefined :: undefined | token() , scope :: scope() , ttl = 0 :: non_neg_integer() }). @@ -166,6 +167,7 @@ authorize_code_grant(Client, Code, RedirUri, Ctx0) -> {ok, Ctx3} = ?BACKEND:revoke_access_code(Code, Ctx2), {ok, {Ctx3, #a{ client =C , resowner=get_(GrantCtx,<<"resource_owner">>) + , code =Code , scope =get_(GrantCtx, <<"scope">>) , ttl =oauth2_config:expiry_time( password_credentials) @@ -222,8 +224,11 @@ issue_code(#a{client=Client, resowner=Owner, scope=Scope, ttl=TTL}, Ctx0) -> %% - 4.4.3. Client Credentials Grant > Access Token Response, with the %% result of authorize_client_credentials/4. -spec issue_token(auth(), appctx()) -> {ok, {appctx(), response()}}. -issue_token(#a{client=Client, resowner=Owner, scope=Scope, ttl=TTL}, Ctx0) -> - GrantContext = build_context(Client,seconds_since_epoch(TTL),Owner,Scope), +issue_token(#a{client=Client, resowner=Owner, code=Code, scope=Scope, ttl=TTL}, + Ctx0) -> + GrantContext = add_more_context( + [{code, Code}], + build_context(Client, seconds_since_epoch(TTL), Owner, Scope)), AccessToken = ?TOKEN:generate(GrantContext), {ok, Ctx1} = ?BACKEND:associate_access_token( AccessToken , GrantContext @@ -243,12 +248,14 @@ issue_token_and_refresh(#a{client = undefined}, _Ctx) -> {error, invalid_authorization}; issue_token_and_refresh(#a{resowner = undefined}, _Ctx) -> {error, invalid_authorization}; -issue_token_and_refresh( #a{client=Client, resowner=Owner, scope=Scope, ttl=TTL} - , Ctx0 ) -> +issue_token_and_refresh( #a{client=Client, resowner=Owner, code=Code, + scope=Scope, ttl=TTL}, Ctx0 ) -> RTTL = oauth2_config:expiry_time(refresh_token), RefreshCtx = build_context(Client,seconds_since_epoch(RTTL),Owner,Scope), RefreshToken = ?TOKEN:generate(RefreshCtx), - AccessCtx = build_context(Client,seconds_since_epoch(TTL),Owner,Scope,RefreshToken), + AccessCtx = add_more_context( + [{refresh_token, RefreshToken}, {code, Code}], + build_context(Client, seconds_since_epoch(TTL), Owner, Scope)), AccessToken = ?TOKEN:generate(AccessCtx), {ok, Ctx1} = ?BACKEND:associate_access_token( AccessToken , AccessCtx @@ -385,8 +392,13 @@ build_context(Client, ExpiryTime, ResOwner, Scope) -> , {<<"expiry_time">>, ExpiryTime} , {<<"scope">>, Scope} ]. -build_context(Client, ExpiryTime, ResOwner, Scope, RefreshToken) -> - [{<<"refresh_token">>, RefreshToken} | build_context(Client, ExpiryTime, ResOwner, Scope)]. +-spec add_more_context(list({atom(), term()}), context()) -> context(). +add_more_context([], Context) -> Context; +add_more_context([{refresh_token, RefreshToken} | Rest], Context) -> + add_more_context(Rest, [{<<"refresh_token">>, RefreshToken} | Context]); +add_more_context([{code, Code} | Rest], Context) -> + add_more_context(Rest, [{<<"code">>, Code} | Context]); +add_more_context([_ | Rest], Context) -> add_more_context(Rest, Context). -spec seconds_since_epoch(integer()) -> non_neg_integer(). seconds_since_epoch(Diff) ->