package cmd
import (
	"context"
	"errors"
	"net/http"

	"github.com/cli/browser"
	"github.com/cloudentity/oauth2c/internal/oauth2"
)
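// AuthorizationCodeGrantFlow drives the OAuth 2.0 authorization code grant end
// to end: it builds the authorization request (pushed via PAR first when
// clientConfig.PAR is set), prints and opens the authorization URL, waits for
// the redirect callback, and exchanges the returned authorization code for
// tokens at the token endpoint. Every request and response is logged so the
// user can follow the flow step by step.
//
// When a PKCE code_verifier was generated it is printed on purpose: this is a
// diagnostic tool and showing the verifier next to the challenge formula is
// how it explains PKCE. A production client must treat the verifier as a
// secret and never log it.
//
// It returns the error of whichever step failed (PAR, authorization request,
// callback, token exchange), or an error when the callback carries no
// authorization code. Failing to open the browser is only logged, because the
// URL has already been printed and can be opened by hand.
func (c *OAuth2Cmd) AuthorizationCodeGrantFlow(clientConfig oauth2.ClientConfig, serverConfig oauth2.ServerConfig, hc *http.Client) error {
	var (
		authorizeRequest oauth2.Request
		callbackRequest  oauth2.Request
		tokenRequest     oauth2.Request
		tokenResponse    oauth2.TokenResponse
		codeVerifier     string
		err              error
	)
	ctx := context.Background()

	LogHeader("Authorization Code Flow")

	if clientConfig.PAR {
		// Pushed Authorization Request: the parameters go to the PAR endpoint
		// over the back channel and the browser only carries the request_uri.
		LogSection("Request PAR")
		var (
			parRequest  oauth2.Request
			parResponse oauth2.PARResponse
		)
		if parRequest, parResponse, authorizeRequest, codeVerifier, err = oauth2.RequestPAR(ctx, clientConfig, serverConfig, hc); err != nil {
			LogRequestAndResponseln(parRequest, err)
			return err
		}
		LogAssertion(parRequest, "Client assertion", "client_assertion")
		LogAuthMethod(clientConfig)
		LogRequestObject(parRequest)
		LogRequestAndResponse(parRequest, parResponse)

		LogSection("Request authorization")
		LogRequest(authorizeRequest)
	} else {
		LogSection("Request authorization")
		if authorizeRequest, codeVerifier, err = oauth2.RequestAuthorization(clientConfig, serverConfig, hc); err != nil {
			return err
		}
		LogRequestObject(authorizeRequest)
		LogRequest(authorizeRequest)
	}

	// Deliberately shown: see the doc comment on why the verifier is printed.
	if codeVerifier != "" {
		Logln()
		LogBox("PKCE", "code_verifier = %s\ncode_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))", codeVerifier)
	}

	authorizeURL := authorizeRequest.URL.String()
	Logfln("\nOpen the following URL:\n\n%s\n", authorizeURL)
	// Best effort: on a headless host or remote shell there may be no browser,
	// and the URL is already on screen, so this must not abort the flow.
	if err = browser.OpenURL(authorizeURL); err != nil {
		LogError(err)
	}
	Logln()

	// callback
	callbackStatus := LogAction("Waiting for callback. Go to the browser to authenticate...")
	if callbackRequest, err = oauth2.WaitForCallback(clientConfig, serverConfig, hc); err != nil {
		LogRequestln(callbackRequest)
		return err
	}
	LogRequest(callbackRequest)
	LogJARM(callbackRequest)
	Logln()
	callbackStatus("Obtained authorization code")

	// A callback without a code (typically an error redirect) would otherwise
	// be sent to the token endpoint as an empty grant, which only yields a
	// confusing token-endpoint error after the real cause has scrolled past.
	code := callbackRequest.Get("code")
	if code == "" {
		return errors.New("callback does not contain an authorization code")
	}

	LogSection("Exchange authorization code for token")

	// token exchange
	exchangeStatus := LogAction("Exchanging authorization code for access token")
	if tokenRequest, tokenResponse, err = oauth2.RequestToken(
		ctx,
		clientConfig,
		serverConfig,
		hc,
		oauth2.WithAuthorizationCode(code),
		oauth2.WithRedirectURL(clientConfig.RedirectURL),
		// The verifier is what binds this exchange to the authorization
		// request; it is empty when PKCE was not used.
		oauth2.WithCodeVerifier(codeVerifier),
	); err != nil {
		LogRequestAndResponseln(tokenRequest, err)
		return err
	}
	LogAuthMethod(clientConfig)
	LogRequestAndResponse(tokenRequest, tokenResponse)
	LogTokenPayloadln(tokenResponse)
	exchangeStatus("Exchanged authorization code for access token")

	c.PrintResult(tokenResponse)

	return nil
}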