hailey.at / atproto-oauth-golang
this repo has no description
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+33 -11
cmd
web_server_demo
handle_auth.go
oauth.go
+19 -10
cmd/web_server_demo/handle_auth.go 
···

       
3

       
3

       
 

       
import (


     

       
4

       
4

       
 

       
	"encoding/json"


     

       
5

       
5

       
 

       
	"fmt"


     

       

       
6

       
+

       
	"log/slog"


     

       
6

       
7

       
 

       
	"net/url"


     

       
7

       
8

       
 

       
	"strings"


     

       
8

       
9

       
 

       
	"time"


     
···

       
100

       
101

       
 

       
		return err


     

       
101

       
102

       
 

       
	}


     

       
102

       
103

       
 

       



     

       

       
104

       
+

       
	params := url.Values{


     

       

       
105

       
+

       
		"client_id":   {s.args.UrlRoot + serverMetadataPath},


     

       

       
106

       
+

       
		"request_uri": {parResp.RequestUri},


     

       

       
107

       
+

       
	}


     

       

       
108

       
+

       



     

       
103

       
109

       
 

       
	u, _ := url.Parse(meta.AuthorizationEndpoint)


     

       
104

       

       
-

       
	u.RawQuery = fmt.Sprintf("client_id=%s&request_uri=%s", url.QueryEscape(s.args.UrlRoot+serverMetadataPath), parResp.RequestUri)


     

       

       
110

       
+

       
	u.RawQuery = params.Encode()


     

       
105

       
111

       
 

       



     

       
106

       
112

       
 

       
	sess, err := session.Get("session", e)


     

       
107

       
113

       
 

       
	if err != nil {


     
···

       
115

       
121

       
 

       
	}


     

       
116

       
122

       
 

       



     

       
117

       
123

       
 

       
	// make sure the session is empty


     

       
118

       

       
-

       
	sess.Values = map[interface{}]interface{}{}


     

       

       
124

       
+

       
	sess.Values = map[any]any{}


     

       
119

       
125

       
 

       
	sess.Values["oauth_state"] = parResp.State


     

       
120

       
126

       
 

       
	sess.Values["oauth_did"] = did


     

       
121

       
127

       
 

       



     
···

       
127

       
133

       
 

       
}


     

       
128

       
134

       
 

       



     

       
129

       
135

       
 

       
func (s *TestServer) handleCallback(e echo.Context) error {


     

       
130

       

       
-

       
	resState := e.QueryParam("state")


     

       
131

       

       
-

       
	resIss := e.QueryParam("iss")


     

       
132

       

       
-

       
	resCode := e.QueryParam("code")


     

       

       
136

       
+

       
	params := e.QueryParams()


     

       

       
137

       
+

       
	state := params.Get("state")


     

       

       
138

       
+

       
	iss := params.Get("iss")


     

       

       
139

       
+

       
	code := params.Get("code")


     

       
133

       
140

       
 

       



     

       
134

       
141

       
 

       
	sess, err := session.Get("session", e)


     

       
135

       
142

       
 

       
	if err != nil {


     
···

       
138

       
145

       
 

       



     

       
139

       
146

       
 

       
	sessState := sess.Values["oauth_state"]


     

       
140

       
147

       
 

       



     

       
141

       

       
-

       
	if resState == "" || resIss == "" || resCode == "" {


     

       

       
148

       
+

       
	if state == "" || iss == "" || code == "" {


     

       
142

       
149

       
 

       
		return fmt.Errorf("request missing needed parameters")


     

       
143

       
150

       
 

       
	}


     

       
144

       
151

       
 

       



     

       
145

       

       
-

       
	if resState != sessState {


     

       

       
152

       
+

       
	if state != sessState {


     

       
146

       
153

       
 

       
		return fmt.Errorf("session state does not match response state")


     

       
147

       
154

       
 

       
	}


     

       
148

       
155

       
 

       



     
···

       
155

       
162

       
 

       
		return err


     

       
156

       
163

       
 

       
	}


     

       
157

       
164

       
 

       



     

       
158

       

       
-

       
	if resIss != oauthRequest.AuthserverIss {


     

       

       
165

       
+

       
	if iss != oauthRequest.AuthserverIss {


     

       
159

       
166

       
 

       
		return fmt.Errorf("incoming iss did not match authserver iss")


     

       
160

       
167

       
 

       
	}


     

       
161

       
168

       
 

       



     
···

       
164

       
171

       
 

       
		return err


     

       
165

       
172

       
 

       
	}


     

       
166

       
173

       
 

       



     

       
167

       

       
-

       
	initialTokenResp, err := s.oauthClient.InitialTokenRequest(e.Request().Context(), resCode, resIss, oauthRequest.PkceVerifier, oauthRequest.DpopAuthserverNonce, jwk)


     

       

       
174

       
+

       
	initialTokenResp, err := s.oauthClient.InitialTokenRequest(e.Request().Context(), code, iss, oauthRequest.PkceVerifier, oauthRequest.DpopAuthserverNonce, jwk)


     

       
168

       
175

       
 

       
	if err != nil {


     

       
169

       
176

       
 

       
		return err


     

       
170

       
177

       
 

       
	}


     
···

       
203

       
210

       
 

       
	}


     

       
204

       
211

       
 

       



     

       
205

       
212

       
 

       
	// make sure the session is empty


     

       
206

       

       
-

       
	sess.Values = map[interface{}]interface{}{}


     

       

       
213

       
+

       
	sess.Values = map[any]any{}


     

       
207

       
214

       
 

       
	sess.Values["did"] = oauthRequest.Did


     

       
208

       
215

       
 

       



     

       
209

       
216

       
 

       
	if err := sess.Save(e.Request(), e.Response()); err != nil {


     

       
210

       
217

       
 

       
		return err


     

       
211

       
218

       
 

       
	}


     

       

       
219

       
+

       



     

       

       
220

       
+

       
	slog.Default().Info("handled callback", "params", params)


     

       
212

       
221

       
 

       



     

       
213

       
222

       
 

       
	return e.Redirect(302, "/")


     

       
214

       
223

       
 

       
}
+14 -1
oauth.go 
···

       
204

       
204

       
 

       
	return tokenString, nil


     

       
205

       
205

       
 

       
}


     

       
206

       
206

       
 

       



     

       
207

       

       
-

       
func (c *Client) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key) (*SendParAuthResponse, error) {


     

       

       
207

       
+

       
type ParAuthRequestExtra struct {


     

       

       
208

       
+

       
	Name  string


     

       

       
209

       
+

       
	Value string


     

       

       
210

       
+

       
}


     

       

       
211

       
+

       



     

       

       
212

       
+

       
func (c *Client) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key, extras ...ParAuthRequestExtra) (*SendParAuthResponse, error) {


     

       
208

       
213

       
 

       
	if authServerMeta == nil {


     

       
209

       
214

       
 

       
		return nil, fmt.Errorf("nil metadata provided")


     

       
210

       
215

       
 

       
	}


     
···

       
249

       
254

       
 

       



     

       
250

       
255

       
 

       
	if loginHint != "" {


     

       
251

       
256

       
 

       
		params.Set("login_hint", loginHint)


     

       

       
257

       
+

       
	}


     

       

       
258

       
+

       



     

       

       
259

       
+

       
	for _, e := range extras {


     

       

       
260

       
+

       
		if !strings.HasPrefix(e.Name, "ext-") {


     

       

       
261

       
+

       
			e.Name = "ext-" + e.Name


     

       

       
262

       
+

       
		}


     

       

       
263

       
+

       
		e.Value = url.QueryEscape(e.Value)


     

       

       
264

       
+

       
		params.Set(e.Name, e.Value)


     

       
252

       
265

       
 

       
	}


     

       
253

       
266

       
 

       



     

       
254

       
267

       
 

       
	_, err = helpers.IsUrlSafeAndParsed(parUrl)