
Commit c030d51

committed
修改验证Token
1 parent cb2f61a commit c030d51


6 files changed

+235
-132
lines changed


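--- a/errors.go
+++ b/errors.go
@@ -41,6 +41,12 @@ var (
 ErrVerifyCodeFuncNil = errors.New("OAuth2 Server VerifyCode Is Nil")
 // ErrVerifyScopeFuncNil ...
 ErrVerifyScopeFuncNil = errors.New("OAuth2 Server VerifyScope Is Nil")
+// ErrGenerateAccessTokenFuncNil ...
+ErrGenerateAccessTokenFuncNil = errors.New("OAuth2 Server GenerateAccessTokenFunc Is Nil")
+// ErrRefreshAccessTokenFuncNil ...
+ErrRefreshAccessTokenFuncNil = errors.New("OAuth2 Server ErrRefreshAccessTokenFuncNil Is Nil")
+// ErrParseAccessTokenFuncNil ...
+ErrParseAccessTokenFuncNil = errors.New("OAuth2 Server ParseAccessTokenFunc Is Nil")
 // ErrInvalidAccessToken 无效的访问令牌
 ErrInvalidAccessToken = errors.New("invalid_access_token")
 // ErrInvalidRedirectURI 无效的RedirectURI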
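Review bot: The message for `ErrRefreshAccessTokenFuncNil` names the error variable instead of the missing delegate, unlike its two siblings; it should read `ErrRefreshAccessTokenFuncNil = errors.New("OAuth2 Server RefreshAccessTokenFunc Is Nil")`. These sentinels are presumably what the server returns when a delegate was never configured (the code that checks them is outside this hunk), so consistent wording matters to anyone matching them in logs. The three new exported errors also carry placeholder `// ... ` doc comments; each should state when it is returned, e.g. `// ErrRefreshAccessTokenFuncNil is returned when a refresh is attempted on a server with no RefreshAccessTokenFunc configured.` The enclosing `var (` block starts and ends outside this hunk.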

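--- a/examples/client/main.go
+++ b/examples/client/main.go
@@ -31,8 +31,7 @@ func main() {
 })
 r.GET("/callback", func(c *gin.Context) {
 code := c.Query("code")
-state := c.Query("state")
-token, err := client.TokenAuthorizationCode(code, c.Request.URL.String(), state)
+token, err := client.TokenAuthorizationCode(code, c.Request.URL.String())
 if err != nil {
 c.JSON(200, gin.H{
 "message": "callback",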
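Review bot: Dropping `state` from the callback removes the client's only CSRF binding on the authorization-code flow: `/callback` now exchanges whatever `code` arrives, so an attacker can complete the flow in a victim's browser with a code bound to the attacker's account (RFC 6749 §10.12). Unless `client.TokenAuthorizationCode` now validates state internally (its definition is outside this page), the example should keep `state := c.Query("state")`, compare it with the value generated for the login redirect, and reject the request on mismatch before calling the token endpoint. Passing `c.Request.URL.String()` as the redirect URI also sends the callback path with its `code` query string attached, which will not equal the registered redirect URI if the server compares them exactly; that check is not visible here. `main` starts and ends outside this hunk.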

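--- a/func.go
+++ b/func.go
@@ -1,7 +1,11 @@
 package oauth2
 
+import (
+"time"
+)
+
 // VerifyClientFunc 验证客户端委托
-type VerifyClientFunc func(clientID string) (basic *ClientBasic, err error)
+type VerifyClientFunc func(basic *ClientBasic) (err error)
 
 // VerifyRedirectURIFunc 验证RedirectURI委托
 type VerifyRedirectURIFunc func(clientID, redirectURI string) (err error)
@@ -15,5 +19,96 @@ type VerifyCodeFunc func(code, clientID, redirectURI string) (value *CodeValue,
 // VerifyPasswordFunc 验证账号密码委托
 type VerifyPasswordFunc func(username, password string) (openID string, err error)
 
-// VerifyScopeFunc 验证范围
+// VerifyScopeFunc 验证范围委托
 type VerifyScopeFunc func(scope []string) (err error)
+
+// GenerateAccessTokenFunc 生成AccessToken委托
+type GenerateAccessTokenFunc func(issuer, clientID, scope, openID string) (token *TokenResponse, err error)
+
+// ParseAccessTokenFunc 解析AccessToken为JwtClaims委托
+type ParseAccessTokenFunc func(accessToken string) (claims *JwtClaims, err error)
+
+// RefreshAccessTokenFunc 刷新AccessToken委托
+type RefreshAccessTokenFunc func(clientID, refreshToken string) (token *TokenResponse, err error)
+
+// NewDefaultGenerateAccessToken 创建默认生成AccessToken方法
+func NewDefaultGenerateAccessToken(jwtVerifyKey []byte) GenerateAccessTokenFunc {
+return func(issuer, clientID, scope, openID string) (token *TokenResponse, err error) {
+accessJwtClaims := NewJwtClaims(issuer, clientID, scope, openID)
+var tokenStr string
+tokenStr, err = NewAccessToken(accessJwtClaims, jwtVerifyKey)
+if err != nil {
+err = ErrServerError
+}
+
+refreshAccessJwtClaims := NewJwtClaims(issuer, clientID, ScopeRefreshToken, "")
+refreshAccessJwtClaims.Id = tokenStr
+var refreshTokenStr string
+refreshTokenStr, err = newJwtToken(accessJwtClaims, jwtVerifyKey)
+if err != nil {
+err = ErrServerError
+}
+token = &TokenResponse{
+AccessToken: tokenStr,
+TokenType: TokenTypeBearer,
+ExpiresIn: accessJwtClaims.ExpiresAt,
+RefreshToken: refreshTokenStr,
+Scope: scope,
+}
+return
+}
+}
+
+// NewDefaultRefreshAccessToken 创建默认刷新AccessToken方法
+func NewDefaultRefreshAccessToken(jwtVerifyKey []byte) RefreshAccessTokenFunc {
+return func(clientID, refreshToken string) (token *TokenResponse, err error) {
+refreshTokenClaims := &JwtClaims{}
+refreshTokenClaims, err = ParseAccessToken(refreshToken, jwtVerifyKey)
+if err != nil {
+return
+}
+if refreshTokenClaims.Subject != clientID {
+err = ErrUnauthorizedClient
+return
+}
+if refreshTokenClaims.Scope != ScopeRefreshToken {
+err = ErrInvalidScope
+return
+}
+refreshTokenClaims.ExpiresAt = time.Now().Add(AccessTokenExpire).Unix()
+
+var tokenClaims *JwtClaims
+tokenClaims, err = ParseAccessToken(refreshTokenClaims.Id, jwtVerifyKey)
+if err != nil {
+return
+}
+if tokenClaims.Subject != clientID {
+err = ErrUnauthorizedClient
+return
+}
+tokenClaims.ExpiresAt = time.Now().Add(AccessTokenExpire).Unix()
+
+var refreshTokenStr string
+refreshTokenStr, err = NewAccessToken(refreshTokenClaims, jwtVerifyKey)
+if err != nil {
+return
+}
+var tokenStr string
+tokenStr, err = NewAccessToken(tokenClaims, jwtVerifyKey)
+token = &TokenResponse{
+AccessToken: tokenStr,
+RefreshToken: refreshTokenStr,
+TokenType: TokenTypeBearer,
+ExpiresIn: refreshTokenClaims.ExpiresAt,
+Scope: tokenClaims.Scope,
+}
+return
+}
+}
+
+// NewDefaultParseAccessToken 创建默认解析AccessToken方法
+func NewDefaultParseAccessToken(jwtVerifyKey []byte) ParseAccessTokenFunc {
+return func(accessToken string) (claims *JwtClaims, err error) {
+return ParseAccessToken(accessToken, jwtVerifyKey)
+}
+}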

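--- a/jwt.go
+++ b/jwt.go
@@ -13,12 +13,12 @@ type JwtClaims struct {
 }
 
 // NewJwtClaims ...
-func NewJwtClaims(issuer, clientID, scope, redirectURI, openID string) *JwtClaims {
+func NewJwtClaims(issuer, clientID, scope, openID string) *JwtClaims {
 currTime := time.Now()
 return &JwtClaims{
 StandardClaims: jwt.StandardClaims{
 // Audience = aud,接收jwt的一方
-Audience: redirectURI,
+Audience: clientID,
 // ExpiresAt = exp
 ExpiresAt: currTime.Add(AccessTokenExpire).Unix(),
 // IssuedAt = iat,jwt的签发时间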
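Review bot: `NewJwtClaims` now puts the client ID in `aud` instead of the redirect URI, which changes what every verifier of these tokens must check, yet the doc comment is still the placeholder `// NewJwtClaims ...`. Suggest `// NewJwtClaims builds the standard claims for a token issued by issuer to clientID; aud is the client ID and exp is now+AccessTokenExpire. Verifiers must check aud against the expected client, otherwise a token minted for one client is accepted by another.` — adjusting for the remaining fields, which are set below this hunk. Whether `ParseAccessToken` actually validates `aud` is not visible on this page; if it does not, the change is cosmetic and the comment should say so until it does.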

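--- a/models.go
+++ b/models.go
@@ -29,7 +29,7 @@ func (code *CodeValue) MarshalBinary() ([]byte, error) {
 return json.Marshal(code)
 }
 func (code *CodeValue) UnmarshalBinary(data []byte) error {
-return json.Unmarshal(data,code)
+return json.Unmarshal(data, code)
 }
 
 // ClientBasic 客户端基础
@@ -38,53 +38,54 @@ type ClientBasic struct {
 Secret string `json:"client_secret"`
 }
 
-// GenerateAccessToken 生成AccessToken
-func (client *ClientBasic) GenerateAccessToken(issuer, redirectURI, scope, openID string) (token *TokenResponse, err error) {
-claims := NewJwtClaims(issuer, client.ID, scope, redirectURI, openID)
-claims.Audience = redirectURI
-
-var tokenStr string
-tokenStr, err = NewAccessToken(claims, client.TokenVerifyKey())
-if err != nil {
-err = ErrServerError
-}
-var refreshTokenStr string
-refreshTokenStr, err = client.GenerateRefreshToken(issuer, tokenStr, redirectURI)
-if err != nil {
-err = ErrServerError
-}
-token = &TokenResponse{
-AccessToken: tokenStr,
-TokenType: TokenTypeBearer,
-ExpiresIn: claims.ExpiresAt,
-RefreshToken: refreshTokenStr,
-Scope: scope,
-}
-return
-}
-
-// GenerateRefreshToken 生成刷新Token
-func (client *ClientBasic) GenerateRefreshToken(issuer, accessToken, redirectURI string) (token string, err error) {
-
-claims := NewJwtClaims(issuer, client.ID, ScopeRefreshToken, redirectURI, "")
-claims.Id = accessToken
-
-return newJwtToken(claims, client.TokenVerifyKey())
-}
-
-// ParseAccessToken 解析AccessToken为JwtClaims
-func (client *ClientBasic) ParseAccessToken(accessToken string) (claims *JwtClaims, err error) {
-claims, err = ParseAccessToken(accessToken, client.TokenVerifyKey())
-if err != nil {
-err = ErrServerError
-}
-if claims.Valid() != nil {
-err = ErrAccessDenied
-}
-return
-}
-
-// TokenVerifyKey ...
-func (client *ClientBasic) TokenVerifyKey() []byte {
-return []byte(client.ID + client.Secret)
-}
+//
+//// GenerateAccessToken 生成AccessToken
+//func (client *ClientBasic) GenerateAccessToken(issuer, redirectURI, scope, openID string) (token *TokenResponse, err error) {
+// claims := NewJwtClaims(issuer, client.ID, scope, redirectURI, openID)
+// claims.Audience = redirectURI
+//
+// var tokenStr string
+// tokenStr, err = NewAccessToken(claims, client.TokenVerifyKey())
+// if err != nil {
+// err = ErrServerError
+// }
+// var refreshTokenStr string
+// refreshTokenStr, err = client.GenerateRefreshToken(issuer, tokenStr, redirectURI)
+// if err != nil {
+// err = ErrServerError
+// }
+// token = &TokenResponse{
+// AccessToken: tokenStr,
+// TokenType: TokenTypeBearer,
+// ExpiresIn: claims.ExpiresAt,
+// RefreshToken: refreshTokenStr,
+// Scope: scope,
+// }
+// return
+//}
+//
+//// GenerateRefreshToken 生成刷新Token
+//func (client *ClientBasic) GenerateRefreshToken(issuer, accessToken, redirectURI string) (token string, err error) {
+//
+// claims := NewJwtClaims(issuer, client.ID, ScopeRefreshToken, redirectURI, "")
+// claims.Id = accessToken
+//
+// return newJwtToken(claims, client.TokenVerifyKey())
+//}
+//
+//// ParseAccessToken 解析AccessToken为JwtClaims
+//func (client *ClientBasic) ParseAccessToken(accessToken string) (claims *JwtClaims, err error) {
+// claims, err = ParseAccessToken(accessToken, client.TokenVerifyKey())
+// if err != nil {
+// err = ErrServerError
+// }
+// if claims.Valid() != nil {
+// err = ErrAccessDenied
+// }
+// return
+//}
+//
+//// TokenVerifyKey ...
+//func (client *ClientBasic) TokenVerifyKey() []byte {
+// return []byte(client.ID + client.Secret)
+//}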
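Review bot: The second hunk comments out `GenerateAccessToken`, `GenerateRefreshToken`, `ParseAccessToken` and `TokenVerifyKey` rather than deleting them, leaving ~50 lines of dead code that git history already preserves and that no longer even matches the new four-argument `NewJwtClaims` signature. Keeping `TokenVerifyKey` visible also invites someone to re-enable deriving the HMAC signing key from `client.ID + client.Secret`, which ties token-forgery resistance to the client secret's entropy and gives every client the key to mint its own tokens; the server-held `jwtVerifyKey` that func.go now takes is the better shape, so nothing here is worth keeping. Delete everything from the first `//` after the `ClientBasic` closing brace down to the final `//}`; the `ClientBasic` struct itself begins above this hunk.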
