Golang Oauth2 Get Token Scope

Time: 2015-06-24 13:30:52

Tags: go

When using Golang's Oauth2 library:

https://godoc.org/golang.org/x/oauth2#Token

I exchange the authorization code for an access token, and I get back this struct:

    type Token struct {
        // AccessToken is the token that authorizes and authenticates
        // the requests.
        AccessToken string `json:"access_token"`

        // TokenType is the type of token.
        // The Type method returns either this or "Bearer", the default.
        TokenType string `json:"token_type,omitempty"`

        // RefreshToken is a token that's used by the application
        // (as opposed to the user) to refresh the access token
        // if it expires.
        RefreshToken string `json:"refresh_token,omitempty"`

        // Expiry is the optional expiration time of the access token.
        //
        // If zero, TokenSource implementations will reuse the same
        // token forever and RefreshToken or equivalent
        // mechanisms for that TokenSource will not be used.
        Expiry time.Time `json:"expiry,omitempty"`
        // contains filtered or unexported fields
    }

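Now, when I use this access token in my application, I need to know the scope that the token was granted.

But I don't see any property or method to get the scope?

How do I get the token's scope so that I can restrict the user's permissions based on it?

I can see that the Config struct has a Scopes slice: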

    type Config struct {
        // ClientID is the application's ID.
        ClientID string

        // ClientSecret is the application's secret.
        ClientSecret string

        // Endpoint contains the resource server's token endpoint
        // URLs. These are constants specific to each server and are
        // often available via site-specific packages, such as
        // google.Endpoint or github.Endpoint.
        Endpoint Endpoint

        // RedirectURL is the URL to redirect users going through
        // the OAuth flow, after the resource owner's URLs.
        RedirectURL string

        // Scope specifies optional requested permissions.
        Scopes []string
    }

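It seems to me that there is no way to get the scope from the token?

The whole point of scope is that it should be part of the access token, so that permissions can be verified?

See the spec: https://tools.ietf.org/html/rfc6749#page-23

1 answer:

Answer 0: (score: 0)

This should do the trick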

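    import (
        "encoding/json"
        "io"
        "net/http"
        "net/url"
        "strings"
    )

    // GetTokensScope requests a token with the client_credentials grant and
    // returns the "scope" field of the token endpoint's JSON response.
    func GetTokensScope(tokUrl string, clientId string, secret string) (string, error) {
        // url.Values percent-encodes each value, so special characters in the
        // client ID or secret cannot alter the form body.
        form := url.Values{
            "grant_type":    {"client_credentials"},
            "client_id":     {clientId},
            "client_secret": {secret},
            "response_type": {"token"},
        }
        req, err := http.NewRequest("POST", tokUrl, strings.NewReader(form.Encode()))
        if err != nil {
            return "", err
        }
        req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
        client := &http.Client{}
        resp, err := client.Do(req)
        if err != nil {
            return "", err
        }
        defer resp.Body.Close()

        rsBody, err := io.ReadAll(resp.Body)
        if err != nil {
            return "", err
        }
        type WithScope struct {
            Scope string `json:"scope"`
        }
        var dat WithScope
        if err = json.Unmarshal(rsBody, &dat); err != nil {
            return "", err
        }
        return dat.Scope, nil
    }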
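
An added example, not part of the original answer: once the raw token response is available, the scope string still has to be parsed and checked before it can gate permissions. This sketch follows RFC 6749 section 3.3; `GrantedScopes` and `HasAll` are hypothetical helper names and the sample response is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// GrantedScopes parses a token endpoint JSON body into a set of scopes.
// RFC 6749 section 3.3: "scope" is space-delimited and may be omitted only
// when the grant equals the request, so an absent value means `requested`.
func GrantedScopes(body []byte, requested []string) (map[string]bool, error) {
	var tr struct {
		AccessToken string `json:"access_token"`
		Scope       string `json:"scope"`
	}
	if err := json.Unmarshal(body, &tr); err != nil {
		return nil, fmt.Errorf("decode token response: %w", err)
	}
	// An error response carries no token; never fall back to `requested` for it.
	if tr.AccessToken == "" {
		return nil, fmt.Errorf("token response has no access_token")
	}
	names := strings.Fields(tr.Scope)
	if len(names) == 0 {
		names = requested
	}
	granted := make(map[string]bool, len(names))
	for _, s := range names {
		granted[s] = true
	}
	return granted, nil
}

// HasAll reports whether every required scope was granted (case-sensitive match).
func HasAll(granted map[string]bool, required ...string) bool {
	for _, s := range required {
		if !granted[s] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample response: the server granted less than was requested.
	body := []byte(`{"access_token":"example-token","token_type":"Bearer","scope":"read:user"}`)
	granted, err := GrantedScopes(body, []string{"read:user", "repo"})
	fmt.Println(HasAll(granted, "read:user"), HasAll(granted, "repo"), err)
}
```

With golang.org/x/oauth2, the raw `scope` value of the token response is also reachable as `tok.Extra("scope")` on the `*oauth2.Token` returned by `Exchange`.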