go-aah/aah#187 added ondemand refresh oauth2 token method

.travis.yml

@@ -11,7 +11,7 @@ branches:
 
 go:
   - 1.9
-  - "1.10"
+  - 1.x
   - tip
 
 go_import_path: aahframework.org/security.v0

anticsrf/anti_csrf_test.go

@@ -1,5 +1,5 @@
 // Copyright (c) Jeevanandam M. (https://github.com/jeevatkm)
-// go-aah/security source code and usage is governed by a MIT style
+// aahframework.org/security source code and usage is governed by a MIT style
 // license that can be found in the LICENSE file.
 
 package anticsrf
@@ -74,8 +74,6 @@ func TestAntiCSRFSecret(t *testing.T) {
 	_ = req.ParseForm()
 
 	areq := ahttp.AcquireRequest(req)
-	areq.Params.Form = req.Form
-
 	secret := antiCSRF.CipherSecret(areq)
 	requestSecret := antiCSRF.RequestCipherSecret(areq)
 	assert.True(t, bytes.Equal(secret, requestSecret))

scheme/oauth2.go

@@ -9,6 +9,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"net/http"
 	"net/url"
 	"path"
 	"strconv"
@@ -56,6 +57,7 @@ var (
 	ErrOAuth2MissingStateOrCode = errors.New("oauth2: callback missing state or code")
 	ErrOAuth2InvalidState       = errors.New("oauth2: invalid state")
 	ErrOAuth2Exchange           = errors.New("oauth2: exchange failed, unable to get token")
+	ErrOAuth2TokenIsValid       = errors.New("oauth2: token is vaild")
 )
 
 //‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
@@ -101,14 +103,16 @@ func (o *OAuth2) Init(appCfg *config.Config, keyName string) error {
 	}
 
 	o.oauthCfg.Scopes, _ = o.AppConfig.StringList(o.ConfigKey("client.scopes"))
-	provider := o.AppConfig.StringDefault(o.ConfigKey("provider.name"), "nil")
+	provider := o.AppConfig.StringDefault(o.ConfigKey("client.provider.name"), "nil")
 	endpoint := inferEndpoint(provider)
 	if ess.IsStrEmpty(endpoint.AuthURL) && ess.IsStrEmpty(endpoint.TokenURL) {
-		authURL := o.AppConfig.StringDefault(o.ConfigKey("provider.url.auth"), "")
-		tokenURL := o.AppConfig.StringDefault(o.ConfigKey("provider.url.token"), "")
+		authURL := o.AppConfig.StringDefault(o.ConfigKey("client.provider.url.auth"), "")
+		tokenURL := o.AppConfig.StringDefault(o.ConfigKey("client.provider.url.token"), "")
 		if ess.IsStrEmpty(authURL) || ess.IsStrEmpty(tokenURL) {
 			return fmt.Errorf("%s: either one is required '%s' or (%s and %s)",
-				o.KeyName, o.ConfigKey("provider.name"), o.ConfigKey("provider.url.auth"), o.ConfigKey("provider.url.token"))
+				o.KeyName, o.ConfigKey("client.provider.name"),
+				o.ConfigKey("client.provider.url.auth"),
+				o.ConfigKey("client.provider.url.token"))
 		}
 		o.oauthCfg.Endpoint = oauth2.Endpoint{AuthURL: authURL, TokenURL: tokenURL}
 	} else {
@@ -134,6 +138,28 @@ func (o *OAuth2) Config() *oauth2.Config {
 	return o.oauthCfg
 }
 
+// Client method returns Go HTTP client configured with given OAuth2 Token.
+func (o *OAuth2) Client(token *oauth2.Token) *http.Client {
+	return o.oauthCfg.Client(context.Background(), token)
+}
+
+// RefreshAccessToken method returns new OAuth2 token if given token was expried
+// otherwise returns error `scheme.ErrOAuth2TokenIsValid`.
+func (o *OAuth2) RefreshAccessToken(token *oauth2.Token) (*oauth2.Token, error) {
+	tsrc := o.oauthCfg.TokenSource(context.Background(), token)
+	tn, err := tsrc.Token()
+	if err != nil {
+		return nil, err
+	}
+
+	// if its same access token then given token is stil vaild
+	if tn.AccessToken == token.AccessToken {
+		return nil, ErrOAuth2TokenIsValid
+	}
+
+	return tn, nil
+}
+
 // ProviderAuthURL method returns aah generated state value and OAuth2 login URL.
 func (o *OAuth2) ProviderAuthURL(r *ahttp.Request) (string, string) {
 	if !o.redirectUpdated {

scheme/oauth2_test.go

@@ -79,8 +79,9 @@ func TestOAuth2InitializeError(t *testing.T) {
 			}
 			`,
 			keyname: "facebook_auth",
-			err: errors.New("facebook_auth: either one is required 'security.auth_schemes.facebook_auth.provider.name' " +
-				"or (security.auth_schemes.facebook_auth.provider.url.auth and security.auth_schemes.facebook_auth.provider.url.token)"),
+			err: errors.New("facebook_auth: either one is required 'security.auth_schemes.facebook_auth.client.provider.name' " +
+				"or (security.auth_schemes.facebook_auth.client.provider.url.auth and " +
+				"security.auth_schemes.facebook_auth.client.provider.url.token)"),
 		},
 		{
 			label: "OAuth2 authorizer is missing",
@@ -92,9 +93,9 @@ func TestOAuth2InitializeError(t *testing.T) {
 						client {
 							id = "client id"
 							secret = "client secret"
-						}
-						provider {
-							name = "facebook"
+							provider {
+								name = "facebook"
+							}
 						}
 						principal = "security/SubjectPrincipalProvider"
 					}
@@ -115,9 +116,9 @@ func TestOAuth2InitializeError(t *testing.T) {
 						client {
 							id = "client id"
 							secret = "client secret"
-						}
-						provider {
-							name = "facebook"
+							provider {
+								name = "facebook"
+							}
 						}
 						principal = "security/SubjectPrincipalProvider"
 						authorizer = "security/AuthorizationProvider"
@@ -137,12 +138,12 @@ func TestOAuth2InitializeError(t *testing.T) {
 						client {
 							id = "client id"
 							secret = "client secret"
-						}
-						provider {
-							url {
-			          auth = "https://provider.com/o/oauth2/auth"
-			          token = "https://provider.com/o/oauth2/token"
-			        }
+							provider {
+								url {
+				          auth = "https://provider.com/o/oauth2/auth"
+				          token = "https://provider.com/o/oauth2/token"
+				        }
+							}
 						}
 						principal = "security/SubjectPrincipalProvider"
 						authorizer = "security/AuthorizationProvider"
@@ -193,11 +194,11 @@ security {
 				id = "clientid"
 				secret = "clientsecret"
 				sign_key = "5a977494319cde3203fbb49711f08ad2"
-			}
-			provider {
-				url {
-					auth = "http://localhost/auth/login"
-					token = "http://localhost/auth/token"
+				provider {
+					url {
+						auth = "http://localhost/auth/login"
+						token = "http://localhost/auth/token"
+					}
 				}
 			}
 			principal = "security/SubjectPrincipalProvider"