package corbel
import (
"bytes"
"fmt"
"net/http"
"net/url"
"time"
"github.com/dgrijalva/jwt-go"
)
// iamOauthTokenResponse is the JSON body the IAM token endpoint returns;
// auth decodes it and copies each field onto the client.
type iamOauthTokenResponse struct {
	AccessToken  string `json:"accessToken,omitempty"`  // becomes client.CurrentToken
	ExpiresAt    int64  `json:"expiresAt,omitempty"`    // becomes client.CurrentTokenExpiresAt; unit is not visible here (presumably epoch time — confirm)
	RefreshToken string `json:"refreshToken,omitempty"` // becomes client.CurrentRefreshToken
}
// OauthToken requests a client access token without user credentials. It is
// the same request as OauthTokenBasicAuth with an empty username/password
// pair, so no basic_auth claims are added to the assertion.
//
// API Docs: http://docs.silkroadiam.apiary.io/#reference/authorization/oauthtoken
func (i *IAMService) OauthToken() error {
	i.client.logger.Debug("requesting OauthToken")
	const noUser, noPassword = "", ""
	return i.OauthTokenBasicAuth(noUser, noPassword)
}
// RefreshToken exchanges the client's current refresh token for a new access
// token; auth stores the result on the client.
//
// API Docs: http://docs.silkroadiam.apiary.io/#reference/authorization/oauthtoken
func (i *IAMService) RefreshToken() error {
	i.client.logger.Debug("refreshing token")
	assertion := i.newToken()
	// The refresh token travels as a claim of the signed assertion.
	assertion.Claims["refresh_token"] = i.client.CurrentRefreshToken
	return i.auth(assertion)
}
// OauthTokenPrn requests an access token on behalf of the user identified by
// username, which is sent as the "prn" claim of the signed assertion.
func (i *IAMService) OauthTokenPrn(username string) error {
	i.client.logger.Debugf("requesting OauthTokenPrn for %s", username)
	assertion := i.newToken()
	assertion.Claims["prn"] = username
	return i.auth(assertion)
}
// OauthTokenBasicAuth requests an access token with a username/password pair
// (basic auth scheme). Each non-empty credential is added as a claim of the
// signed assertion; an empty pair yields the plain client token request.
//
// The assertion is signed, not encrypted, so the password is only
// base64-encoded inside it and relies on the transport for confidentiality.
//
// API Docs: http://docs.silkroadiam.apiary.io/#reference/authorization/oauthtoken
func (i *IAMService) OauthTokenBasicAuth(username, password string) error {
	i.client.logger.Debugf("requesting OauthTokenBasicAuth for %s", username)
	assertion := i.newToken()
	// Only present credentials become claims, so OauthToken can reuse this
	// method with an empty pair.
	setIfPresent := func(claim, value string) {
		if value != "" {
			assertion.Claims[claim] = value
		}
	}
	setIfPresent("basic_auth.username", username)
	setIfPresent("basic_auth.password", password)
	return i.auth(assertion)
}
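// auth signs token with the client secret, posts it as the "assertion" of a
// grant_type request to the IAM token endpoint and stores the returned access
// token, its expiry and the refresh token on the client.
//
// It returns errJWTEncodingError when the token cannot be signed, the error
// from building the request, or the error returnErrorHTTPInterface reports
// for a response other than 200.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
// maintained continuation is github.com/golang-jwt/jwt.
func (i *IAMService) auth(token *jwt.Token) error {
	// Sign and get the complete encoded token as a string.
	assertion, err := token.SignedString([]byte(i.client.ClientSecret))
	if err != nil {
		return errJWTEncodingError
	}
	// The signed assertion is deliberately not logged: its claims are only
	// base64-encoded and may carry a user password (OauthTokenBasicAuth) or
	// the refresh token (RefreshToken).

	values := url.Values{}
	values.Set("grant_type", grantType)
	values.Set("assertion", assertion)

	// URLFor's return type is not visible here; Sprint accepts a string or a
	// Stringer alike.
	endpoint := fmt.Sprint(i.client.URLFor("iam", "/v1.0/oauth/token"))
	req, err := http.NewRequest("POST", endpoint, bytes.NewBufferString(values.Encode()))
	if err != nil {
		return err
	}
	req.Header.Add("User-Agent", i.client.UserAgent)
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	var iamResponse iamOauthTokenResponse
	// The helper takes an incoming error; there is none at this point.
	if _, err = returnErrorHTTPInterface(i.client, req, nil, &iamResponse, 200); err != nil {
		return err
	}

	// The tokens are credentials: record that they were received and when
	// the access token expires, never their values.
	i.client.logger.Debugf("upgrading token. Access token expires at: %d", iamResponse.ExpiresAt)
	i.client.CurrentToken = iamResponse.AccessToken
	i.client.CurrentTokenExpiresAt = iamResponse.ExpiresAt
	i.client.CurrentRefreshToken = iamResponse.RefreshToken
	return nil
}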
// newToken builds the unsigned JWT assertion shared by every token request,
// carrying the client identity claims (iss, aud, scope, exp, domain, name).
// Callers add their request-specific claims and hand it to auth for signing.
func (i *IAMService) newToken() *jwt.Token {
	assertion := jwt.New(jwt.GetSigningMethod(i.client.ClientJWTSigningMethod))

	// TokenExpirationTime is interpreted as milliseconds from now.
	expiresAt := time.Now().Add(time.Duration(i.client.TokenExpirationTime) * time.Millisecond)

	// Claims required by SR.
	required := map[string]interface{}{
		"iss":    i.client.ClientID,
		"aud":    "http://iam.bqws.io",
		"scope":  i.client.ClientScopes,
		"exp":    expiresAt.Unix(),
		"domain": i.client.ClientDomain,
		"name":   i.client.ClientName,
	}
	for name, value := range required {
		assertion.Claims[name] = value
	}
	return assertion
}
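// OauthTokenUpgrade upgrades the token using the token generated by the module
// Assets on /assets/access, which adds the scopes assigned at assets level to
// the currently logged user.
//
// It returns the transport error when the request cannot be built or sent,
// errHTTPNotAuthorized on a 401 response and a descriptive error for any
// other non-2xx status.
//
// NOTE(review): the response body is not decoded, so the client's stored
// token is not replaced with the upgraded one here — confirm whether the
// caller is expected to do that.
//
// API Docs: http://docs.silkroadiam.apiary.io/#reference/authorization/oauthtokenupgrade
func (i *IAMService) OauthTokenUpgrade(assetsToken string) error {
	values := url.Values{}
	values.Set("grant_type", grantType)
	values.Set("assertion", assetsToken)

	// A NewRequest failure must not be ignored: req would be nil and the
	// Header.Add below would panic.
	endpoint := fmt.Sprint(i.client.URLFor("iam", "/v1.0/oauth/token/upgrade"))
	req, err := http.NewRequest("GET", endpoint, bytes.NewBufferString(values.Encode()))
	if err != nil {
		return err
	}
	// NOTE(review): auth sets this header from i.client.UserAgent; userAgent
	// is kept here to preserve existing behaviour — confirm which is intended.
	req.Header.Add("User-Agent", userAgent)
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	res, err := i.client.httpClient.Do(req)
	if err != nil {
		// res is nil on a transport error; it must not be dereferenced.
		return err
	}
	// The body is never read, but it still has to be closed.
	defer res.Body.Close()

	switch {
	case res.StatusCode == http.StatusUnauthorized:
		return errHTTPNotAuthorized
	case res.StatusCode < 200 || res.StatusCode > 299:
		// Surface failures instead of reporting success for an error status.
		return fmt.Errorf("iam token upgrade: unexpected status %d", res.StatusCode)
	}
	return nil
}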