So how exactly does the SetPasswordAuthorizationHandler work?

[mikepc]

So I'm trying to add a /register and /login endpoint that accepts a JSON payload with the email/password credentials of the user, and looking at the docs and the API, it's not readily apparent exactly what I should do to authenticate the user and issue a token.

The example is awesome for showing how to be an oauth server, but I'd like my local login flow to issue the token as well as any outside auth providers via oauth.

I'm certain that the library is capable of this, I'm just kind of struggling for the implementation.

func (client *localAuthClient)  AuthenticateUser(email string, password string) (string, error) {
	c := client.DB.C("users")
	user := &models.User{}
	err := c.Find(bson.M{ "email": email }).One(user)
	if err != nil {
		return "", err
	}

	if comparePasswords(user.Password, []byte(password)) {
		return user.ID.Hex(), nil
	}

	return "", errors.New("email/password combination is not a match")

}

And in my main.go:

srv.SetPasswordAuthorizationHandler(localAuthClient.AuthenticateUser)

But I'm having a disconnect at this point. How do I instruct the API to run my password authentication flow in an endpoint that will generate a token (a JWT specifically, but that looks straightforward enough)?

[LyricTian]

I tried to understand your needs. Do you want to use password mode to generate an access token with JWT? If so, the rough process is this (also in the example):

        manager := manage.NewDefaultManager()
	manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)

	// token store
	manager.MustTokenStorage(store.NewMemoryTokenStore())

	// generate jwt access token
	manager.MapAccessGenerate(generates.NewJWTAccessGenerate([]byte("00000000"), jwt.SigningMethodHS512))

	clientStore := store.NewClientStore()
	clientStore.Set("222222", &models.Client{
		ID:     "222222",
		Secret: "22222222",
		Domain: "http://localhost:9094",
	})
	manager.MapClientStorage(clientStore)

	srv := server.NewServer(server.NewConfig(), manager)

	srv.SetPasswordAuthorizationHandler(func(username, password string) (userID string, err error) {
		if username == "test" && password == "test" {
			userID = "test"
		}
		return
	})

Parse and verify jwt access token

token, err := jwt.ParseWithClaims(access, &generates.JWTAccessClaims{}, func(t *jwt.Token) (interface{}, error) {
	if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
		return nil, fmt.Errorf("parse error")
	}
	return []byte("00000000"), nil
})
if err != nil {
	// panic(err)
}

claims, ok := token.Claims.(*generates.JWTAccessClaims)
if !ok || !token.Valid {
	// panic("invalid token")
}

[mikepc]

I figured it out! You guys rock!

[mikepc]

The key disconnect I had was understanding the expected flow of my app. After I dug around in the api and saw the implementation I figured out what the path was and could debug properly to get everything working. Everything is working, sorry for the question.

…

On Mon, Mar 25, 2019 at 9:06 PM Lyric ***@***.***> wrote: I tried to understand your needs. Do you want to use password mode to generate an access token with JWT? If so, the rough process is this (also in the example): manager := manage.NewDefaultManager() manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg) // token store manager.MustTokenStorage(store.NewMemoryTokenStore()) // generate jwt access token manager.MapAccessGenerate(generates.NewJWTAccessGenerate([]byte("00000000"), jwt.SigningMethodHS512)) clientStore := store.NewClientStore() clientStore.Set("222222", &models.Client{ ID: "222222", Secret: "22222222", Domain: "http://localhost:9094", }) manager.MapClientStorage(clientStore) srv := server.NewServer(server.NewConfig(), manager) srv.SetPasswordAuthorizationHandler(func(username, password string) (userID string, err error) { if username == "test" && password == "test" { userID = "test" } return }) Parse and verify jwt access token token, err := jwt.ParseWithClaims(access, &generates.JWTAccessClaims{}, func(t *jwt.Token) (interface{}, error) { if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("parse error") } return []byte("00000000"), nil })if err != nil { // panic(err) } claims, ok := token.Claims.(*generates.JWTAccessClaims)if !ok || !token.Valid { // panic("invalid token") } — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#100 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA1ok84IjgVKGCNWgyZPgk48ahI4fi9Dks5vaZzhgaJpZM4cKceN> .