如何使用oauth2在Go中实现隐式授权

时间:2017-04-20 09:06:35

标签: go oauth oauth-2.0 alexa-skill

go version go1.7.4 linux/amd64

我正在尝试使用oauth2

获取amazon alexa登录
package main

import (
    "context"
    "encoding/json"
    "fmt"
    "html/template"
    "io/ioutil"
    "log"
    "net/http"
    "net/url"

    "golang.org/x/oauth2"
    "gopkg.in/oauth2.v3/errors"
    "gopkg.in/oauth2.v3/manage"
    "gopkg.in/oauth2.v3/models"
    "gopkg.in/oauth2.v3/server"
    "gopkg.in/oauth2.v3/store"
    "gopkg.in/session.v1"
)

var (
    config = oauth2.Config{
        ClientID:     "222222",
        ClientSecret: "22222222",
        Scopes:       []string{"all"},
        RedirectURL:  "https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=xxxxxxxxxxxx",
        Endpoint: oauth2.Endpoint{
            AuthURL:  "/authorize",
            TokenURL: "/token",
        },
    }
    globalSessions *session.Manager
)

func init() {
    globalSessions, _ = session.NewManager("memory", `{"cookieName":"gosessionid","gclifetime":3600}`)
    go globalSessions.GC()
}

func mainHandler(w http.ResponseWriter, r *http.Request) {

    w.Write([]byte("hello world"))
    fmt.Println("loginHandler")
}

/*
Function Name : main()

Function Description :    This function is capable of running this application and listen for requests comming in

*/
func main() {
    http.HandleFunc("/home", mainHandler)

    // Listen to port 8080 and handle requests

    //------------------------------client.go--------------------------------------------//
    http.HandleFunc("/client", func(w http.ResponseWriter, r *http.Request) {
        log.Println("client")
        u := config.AuthCodeURL("xyz")
        http.Redirect(w, r, u, http.StatusFound)
    })
    http.HandleFunc("/oauth2", func(w http.ResponseWriter, r *http.Request) {
        log.Println("oauth2")
        log.Println("request url is", r.RequestURI)
        log.Println("request method", r.Method)
        requestbody, _ := ioutil.ReadAll(r.Body)
        log.Println("request body is", string(requestbody))
        log.Println("request body is", requestbody)
        r.ParseForm()
        state := r.Form.Get("state")
        if state != "xyz" {
            http.Error(w, "State invalid", http.StatusBadRequest)
            return
        }
        code := r.Form.Get("code")
        log.Println("code is", code)
        if code == "" {
            http.Error(w, "Code not found", http.StatusBadRequest)
            return
        }
        token, err := config.Exchange(context.Background(), code)
        if err != nil {
            http.Error(w, err.Error(), http.StatusInternalServerError)
            return
        }
        log.Println("w is:", *token)
        e := json.NewEncoder(w)
        e.SetIndent("", "  ")
        e.Encode(*token)
    })
    //------------------------------client.go--------------------------------------------//
    //------------------------------server.go--------------------------------------------//
    manager := manage.NewDefaultManager()
    // token store
    manager.MustTokenStorage(store.NewMemoryTokenStore())

    clientStore := store.NewClientStore()
    clientStore.Set("222222", &models.Client{
        ID:     "222222",
        Secret: "22222222",
        Domain: "",
    })
    manager.MapClientStorage(clientStore)

    srv := server.NewServer(server.NewConfig(), manager)
    srv.SetUserAuthorizationHandler(userAuthorizeHandler)

    srv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
        log.Println("Internal Error:", err.Error())
        return
    })

    srv.SetResponseErrorHandler(func(re *errors.Response) {
        log.Println("Response Error:", re.Error.Error())
    })

    http.HandleFunc("/login", loginHandler)
    http.HandleFunc("/auth", authHandler)

    http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
        log.Println("/authorize")
        requestbody, _ := ioutil.ReadAll(r.Body)
        log.Println("request body is", requestbody)
        log.Println("request url is", r.RequestURI)
        err := srv.HandleAuthorizeRequest(w, r)
        if err != nil {
            http.Error(w, err.Error(), http.StatusBadRequest)
        }
    })

    http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
        log.Println("/token")

        err := srv.HandleTokenRequest(w, r)
        if err != nil {
            http.Error(w, err.Error(), http.StatusInternalServerError)
        }
    })
    //------------------------------server.go--------------------------------------------//
    http.ListenAndServe(":8080", nil)

}

func userAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) {
    log.Println("userAuthorizeHandler")
    us, err := globalSessions.SessionStart(w, r)
    uid := us.Get("UserID")
    if uid == nil {
        if r.Form == nil {
            r.ParseForm()
        }
        us.Set("Form", r.Form)
        w.Header().Set("Location", "/login")
        w.WriteHeader(http.StatusFound)
        return
    }
    userID = uid.(string)
    us.Delete("UserID")
    return
}
func loginHandler(w http.ResponseWriter, r *http.Request) {

    // do whatever you need to do
    if r.Method == "POST" {
        fmt.Println("login post method")
        us, err := globalSessions.SessionStart(w, r)
        if err != nil {
            fmt.Println("err:", err)
            http.Error(w, err.Error(), http.StatusInternalServerError)
            return
        }
        us.Set("LoggedInUserID", "000000")
        w.Header().Set("Location", "/auth")
        w.WriteHeader(http.StatusFound)
        return
    }
    myvar := map[string]interface{}{"MyVar": "hiiiiiiiiiiii"}
    outputHTML(w, "static/login.html", myvar)
}

func authHandler(w http.ResponseWriter, r *http.Request) {
    log.Println("authHandler")
    log.Println("request url is", r.RequestURI)
    log.Println("request method", r.Method)
    requestbody, _ := ioutil.ReadAll(r.Body)
    log.Println("request body is", string(requestbody))
    log.Println("request body is", requestbody)
    us, err := globalSessions.SessionStart(w, r)
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }
    log.Println("LoggedInUserID:", us.Get("LoggedInUserID"))
    if us.Get("LoggedInUserID") == nil {
        w.Header().Set("Location", "/login")
        w.WriteHeader(http.StatusFound)
        return
    }
    if r.Method == "POST" {
        form := us.Get("Form").(url.Values)
        log.Println("form values entered are", form)
        u := new(url.URL)
        u.Path = "/authorize"
        u.RawQuery = form.Encode()
        w.Header().Set("Location", u.String())
        w.WriteHeader(http.StatusFound)
        us.Delete("Form")
        us.Set("UserID", us.Get("LoggedInUserID"))
        return
    }
    myvar := map[string]interface{}{"MyVar": "redirect url:" + "https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=M256OAZNG882Y2"}
    outputHTML(w, "static/auth.html", myvar)
}

func outputHTML(w http.ResponseWriter, filename string, data interface{}) {
    t, err := template.ParseFiles(filename)
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }
    if err := t.Execute(w, data); err != nil {
        http.Error(w, err.Error(), 500)
        return
    }
}

我能够通过这个例子实现oauth,但现在我想用这个例子实现隐式授权oauth2。假设此示例不是隐式grant而是response_type = code

1 个答案:

答案 0 :(得分:1)

要实现隐式授权,您只需要response_type和client_id。见RFC6749。以下是示例GET请求

 GET /authorize?response_type=token&client_id=s6BhdRkqt3&state=xyz
        &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
    Host: server.example.com

您可以先使用Curl进行测试。这是卷曲

curl --data "response_type=token&client_id=227a1cb1&state=xyz" https://hosturl/oauth2/authorize