cmd/example-app: fix refreshing
parent
f4bbab5056
commit
ed20fee2b9
@ -241,7 +241,7 @@ func (a *app) handleLogin(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
authCodeURL := ""
|
authCodeURL := ""
|
||||||
scopes = append(scopes, "openid", "profile", "email")
|
scopes = append(scopes, "openid", "profile", "email")
|
||||||
if r.FormValue("offline_acecss") != "yes" {
|
if r.FormValue("offline_access") != "yes" {
|
||||||
authCodeURL = a.oauth2Config(scopes).AuthCodeURL(exampleAppState)
|
authCodeURL = a.oauth2Config(scopes).AuthCodeURL(exampleAppState)
|
||||||
} else if a.offlineAsScope {
|
} else if a.offlineAsScope {
|
||||||
scopes = append(scopes, "offline_access")
|
scopes = append(scopes, "offline_access")
|
||||||
@ -254,34 +254,42 @@ func (a *app) handleLogin(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (a *app) handleCallback(w http.ResponseWriter, r *http.Request) {
|
func (a *app) handleCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
if errMsg := r.FormValue("error"); errMsg != "" {
|
|
||||||
http.Error(w, errMsg+": "+r.FormValue("error_description"), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if state := r.FormValue("state"); state != exampleAppState {
|
|
||||||
http.Error(w, fmt.Sprintf("expected state %q got %q", exampleAppState, state), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
code := r.FormValue("code")
|
|
||||||
refresh := r.FormValue("refresh_token")
|
|
||||||
var (
|
var (
|
||||||
err error
|
err error
|
||||||
token *oauth2.Token
|
token *oauth2.Token
|
||||||
)
|
)
|
||||||
oauth2Config := a.oauth2Config(nil)
|
oauth2Config := a.oauth2Config(nil)
|
||||||
switch {
|
switch r.Method {
|
||||||
case code != "":
|
case "GET":
|
||||||
|
// Authorization redirect callback from OAuth2 auth flow.
|
||||||
|
if errMsg := r.FormValue("error"); errMsg != "" {
|
||||||
|
http.Error(w, errMsg+": "+r.FormValue("error_description"), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
code := r.FormValue("code")
|
||||||
|
if code == "" {
|
||||||
|
http.Error(w, fmt.Sprintf("no code in request: %q", r.Form), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if state := r.FormValue("state"); state != exampleAppState {
|
||||||
|
http.Error(w, fmt.Sprintf("expected state %q got %q", exampleAppState, state), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
token, err = oauth2Config.Exchange(a.ctx, code)
|
token, err = oauth2Config.Exchange(a.ctx, code)
|
||||||
case refresh != "":
|
case "POST":
|
||||||
|
// Form request from frontend to refresh a token.
|
||||||
|
refresh := r.FormValue("refresh_token")
|
||||||
|
if refresh == "" {
|
||||||
|
http.Error(w, fmt.Sprintf("no refresh_token in request: %q", r.Form), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
t := &oauth2.Token{
|
t := &oauth2.Token{
|
||||||
RefreshToken: refresh,
|
RefreshToken: refresh,
|
||||||
Expiry: time.Now().Add(-time.Hour),
|
Expiry: time.Now().Add(-time.Hour),
|
||||||
}
|
}
|
||||||
token, err = oauth2Config.TokenSource(r.Context(), t).Token()
|
token, err = oauth2Config.TokenSource(r.Context(), t).Token()
|
||||||
default:
|
default:
|
||||||
http.Error(w, fmt.Sprintf("no code in request: %q", r.Form), http.StatusBadRequest)
|
http.Error(w, fmt.Sprintf("method not implemented: %s", r.Method), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
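Review bot: The state check moved into the new `case "GET":` branch of handleCallback still compares against `exampleAppState`, the same value handleLogin passes to `AuthCodeURL(exampleAppState)`. If that is a fixed constant, as the name suggests, the comparison does not tie the callback to the browser session that started the login, so it gives no CSRF protection for the authorization response. Since this is example code that gets copied, I would add a comment above the comparison such as `// exampleAppState is a fixed demo value; real clients must generate an unguessable per-session state and verify it here.` Separately, the `default:` branch answers an unsupported method with `http.StatusBadRequest`, where `http.StatusMethodNotAllowed` would be the accurate status. handleCallback appears to continue past the end of the hunk, so how `token` and `err` are handled afterwards is not visible here.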
|
@ -8,7 +8,7 @@ import (
|
|||||||
|
|
||||||
var indexTmpl = template.Must(template.New("index.html").Parse(`<html>
|
var indexTmpl = template.Must(template.New("index.html").Parse(`<html>
|
||||||
<body>
|
<body>
|
||||||
<form action="/login">
|
<form action="/login" method="post">
|
||||||
<p>
|
<p>
|
||||||
Authenticate for:<input type="text" name="cross_client" placeholder="list of client-ids">
|
Authenticate for:<input type="text" name="cross_client" placeholder="list of client-ids">
|
||||||
</p>
|
</p>
|
||||||
@ -50,8 +50,13 @@ pre {
|
|||||||
<body>
|
<body>
|
||||||
<p> Token: <pre><code>{{ .IDToken }}</code></pre></p>
|
<p> Token: <pre><code>{{ .IDToken }}</code></pre></p>
|
||||||
<p> Claims: <pre><code>{{ .Claims }}</code></pre></p>
|
<p> Claims: <pre><code>{{ .Claims }}</code></pre></p>
|
||||||
|
{{ if .RefreshToken }}
|
||||||
<p> Refresh Token: <pre><code>{{ .RefreshToken }}</code></pre></p>
|
<p> Refresh Token: <pre><code>{{ .RefreshToken }}</code></pre></p>
|
||||||
<p><a href="{{ .RedirectURL }}?refresh_token={{ .RefreshToken }}">Redeem refresh token</a><p>
|
<form action="{{ .RedirectURL }}" method="post">
|
||||||
|
<input type="hidden" name="refresh_token" value="{{ .RefreshToken }}">
|
||||||
|
<input type="submit" value="Redeem refresh token">
|
||||||
|
</form>
|
||||||
|
{{ end }}
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
`))
|
`))
|
||||||
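Review bot: The new refresh form interpolates `{{ .RedirectURL }}` into an `action` attribute and `{{ .RefreshToken }}` into a hidden input's `value`, so these templates depend on contextual auto-escaping. The import block is outside the hunk, so please confirm the `template` package here is `html/template` and not `text/template`, which would emit both values unescaped. A short comment above the template literal would record this, for example `// Must be html/template: values below are rendered into HTML attributes.` The page also carries the ID token and refresh token in its body, so whatever handler renders it (not visible in this hunk) should probably send `Cache-Control: no-store`.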
|