From a95ae8a5481a4f949f99c400bc295aa4ec52c980 Mon Sep 17 00:00:00 2001 From: Derek Bassett Date: Thu, 25 Mar 2021 17:02:50 -0600 Subject: [PATCH 1/2] Proof of concept --- example/server/server.go | 72 +++++++++++++++++++++++++++++++++++----- 1 file changed, 63 insertions(+), 9 deletions(-) diff --git a/example/server/server.go b/example/server/server.go index da3993d..624c6b6 100644 --- a/example/server/server.go +++ b/example/server/server.go @@ -2,15 +2,18 @@ package main import ( "encoding/json" + "flag" + "fmt" + "github.com/go-oauth2/oauth2/v4/generates" + "io" "log" "net/http" + "net/http/httputil" "net/url" "os" "time" - "github.com/dgrijalva/jwt-go" "github.com/go-oauth2/oauth2/v4/errors" - "github.com/go-oauth2/oauth2/v4/generates" "github.com/go-oauth2/oauth2/v4/manage" "github.com/go-oauth2/oauth2/v4/models" "github.com/go-oauth2/oauth2/v4/server" @@ -18,7 +21,27 @@ import ( "github.com/go-session/session" ) +var ( + dumpvar bool + idvar string + secretvar string + domainvar string + portvar int +) + +func init() { + flag.BoolVar(&dumpvar, "d", true, "Dump requests and responses") + flag.StringVar(&idvar, "i", "222222", "The client id being passed in") + flag.StringVar(&secretvar, "s", "22222222", "The client secret being passed in") + flag.StringVar(&domainvar, "r", "http://localhost:9094", "The domain of the redirect url") + flag.IntVar(&portvar, "p", 9096, "the base port for the server") +} + func main() { + flag.Parse() + if dumpvar { + log.Println("Dumping requests") + } manager := manage.NewDefaultManager() manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg) 
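Review bot: In the `init()` hunk `-d` defaults to `true`, so a server started with no flags dumps every request, body included, to stdout. Handlers such as the token endpoint receive client credentials and authorization codes, which then end up in whatever collects the process output. Make the dump opt-in and say what it exposes: `flag.BoolVar(&dumpvar, "d", false, "Dump full requests (including credentials) to stdout; debugging only")`. Separately, a secret passed with `-s` is normally visible in the process listing, so an environment variable or file is a safer source even for an example. `main` continues outside this hunk.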
@@ -26,13 +49,14 @@ func main() { manager.MustTokenStorage(store.NewMemoryTokenStore()) // generate jwt access token - manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), jwt.SigningMethodHS512)) + // manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), jwt.SigningMethodHS512)) + manager.MapAccessGenerate(generates.NewAccessGenerate()) clientStore := store.NewClientStore() - clientStore.Set("222222", &models.Client{ - ID: "222222", - Secret: "22222222", - Domain: "http://localhost:9094", + clientStore.Set(idvar, &models.Client{ + ID: idvar, + Secret: secretvar, + Domain: domainvar, }) manager.MapClientStorage(clientStore) @@ -60,6 +84,10 @@ func main() { http.HandleFunc("/auth", authHandler) http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { + if dumpvar { + dumpRequest(os.Stdout, "authorize", r) + } + store, err := session.Start(r.Context(), w, r) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -82,6 +110,10 @@ func main() { }) http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { + if dumpvar { + _ = dumpRequest(os.Stdout, "token", r) // Ignore the error + } + err := srv.HandleTokenRequest(w, r) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -89,6 +121,9 @@ func main() { }) http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) { + if dumpvar { + _ = dumpRequest(os.Stdout, "test", r) // Ignore the error + } token, err := srv.ValidationBearerToken(r) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) 
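Review bot: The context comment `// generate jwt access token` no longer describes the code, because this hunk comments out the JWT generator and maps `generates.NewAccessGenerate()` instead. Delete the commented-out line rather than keeping it as dead code, and reword the comment to something like `// generate default (non-JWT) access tokens`. The change also alters the token format seen by anyone running the example, which the commit message ("Proof of concept") does not mention. `main` starts and ends outside this hunk.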
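Review bot: In the `/authorize` handler the call `dumpRequest(os.Stdout, "authorize", r)` is a bare statement, while every other call site in this patch writes `_ = dumpRequest(...) // Ignore the error`. Either form hides a failed dump, so the operator sees no output and no reason. Prefer reporting it, `if err := dumpRequest(os.Stdout, "authorize", r); err != nil { log.Printf("dump authorize: %v", err) }`, and use the same shape in the `/token`, `/test`, `userAuthorizeHandler`, `loginHandler` and `authHandler` hunks. The handler closure continues past the end of this hunk.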
@@ -105,11 +140,24 @@ func main() { e.Encode(data) }) - log.Println("Server is running at 9096 port.") - log.Fatal(http.ListenAndServe(":9096", nil)) + log.Printf("Server is running at %d port.\n", portvar) + log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d",portvar), nil)) +} + +func dumpRequest(writer io.Writer, header string, r *http.Request) error { + data, err := httputil.DumpRequest(r, true) + if err != nil { + return err + } + writer.Write([]byte("\n" + header + ": \n")) + writer.Write(data) + return nil } func userAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) { + if dumpvar { + _ = dumpRequest(os.Stdout, "userAuthorizeHandler", r) // Ignore the error + } store, err := session.Start(r.Context(), w, r) if err != nil { return @@ -136,6 +184,9 @@ func userAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string } func loginHandler(w http.ResponseWriter, r *http.Request) { + if dumpvar { + _ = dumpRequest(os.Stdout, "login", r) // Ignore the error + } store, err := session.Start(r.Context(), w, r) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -160,6 +211,9 @@ func loginHandler(w http.ResponseWriter, r *http.Request) { } func authHandler(w http.ResponseWriter, r *http.Request) { + if dumpvar { + _ = dumpRequest(os.Stdout, "auth", r) // Ignore the error + } store, err := session.Start(nil, w, r) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) From e45c3c1c0f70c970def1c1add01e8bc117a97c99 Mon Sep 17 00:00:00 2001 From: Derek Bassett Date: Thu, 25 Mar 2021 17:11:53 -0600 Subject: [PATCH 2/2] Dump request works. --- example/client/client.go | 4 ++-- example/server/server.go | 6 ++++-- example/server/static/auth.html | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/example/client/client.go b/example/client/client.go index 2999330..31bf4a4 100644 --- a/example/client/client.go +++ b/example/client/client.go 
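Review bot: `dumpRequest` writes the raw request, including `Authorization` and `Cookie` headers and the full body, because it calls `httputil.DumpRequest(r, true)`. Every handler hunk in this patch routes through it, so bearer tokens, session cookies and token-endpoint form fields are copied to stdout verbatim. The body is also buffered in memory with no size cap, and both `writer.Write` results are discarded, so the function returns `nil` even when nothing was written. The sketch below dumps a header-only copy with credential headers masked and returns write errors. If bodies are really needed for debugging, put that behind a separate, explicit flag. Query strings are still printed and can carry codes, so the output should be treated as sensitive either way.

```go
func dumpRequest(writer io.Writer, header string, r *http.Request) error {
	// Dump a copy: no body, and credential-bearing headers masked.
	redacted := r.Clone(r.Context())
	for _, name := range []string{"Authorization", "Cookie"} {
		if redacted.Header.Get(name) != "" {
			redacted.Header.Set(name, "[redacted]")
		}
	}
	data, err := httputil.DumpRequest(redacted, false)
	if err != nil {
		return err
	}
	if _, err := fmt.Fprintf(writer, "\n%s: \n", header); err != nil {
		return err
	}
	_, err = writer.Write(data)
	return err
}
```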
@@ -26,8 +26,8 @@ var ( Scopes: []string{"all"}, RedirectURL: "http://localhost:9094/oauth2", Endpoint: oauth2.Endpoint{ - AuthURL: authServerURL + "/authorize", - TokenURL: authServerURL + "/token", + AuthURL: authServerURL + "/oauth/authorize", + TokenURL: authServerURL + "/oauth/token", }, } globalToken *oauth2.Token // Non-concurrent security diff --git a/example/server/server.go b/example/server/server.go index 624c6b6..79a34fd 100644 --- a/example/server/server.go +++ b/example/server/server.go @@ -83,7 +83,7 @@ func main() { http.HandleFunc("/login", loginHandler) http.HandleFunc("/auth", authHandler) - http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) { + http.HandleFunc("/oauth/authorize", func(w http.ResponseWriter, r *http.Request) { if dumpvar { dumpRequest(os.Stdout, "authorize", r) } @@ -109,7 +109,7 @@ func main() { } }) - http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { + http.HandleFunc("/oauth/token", func(w http.ResponseWriter, r *http.Request) { if dumpvar { _ = dumpRequest(os.Stdout, "token", r) // Ignore the error } @@ -141,6 +141,8 @@ func main() { }) log.Printf("Server is running at %d port.\n", portvar) + log.Printf("Point your OAuth client Auth endpoint to %s:%d%s", "http://localhost", portvar, "/oauth/authorize") + log.Printf("Point your OAuth client Token endpoint to %s:%d%s", "http://localhost", portvar, "/oauth/token") log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d",portvar), nil)) } diff --git a/example/server/static/auth.html b/example/server/static/auth.html index 2e94e37..0043e21 100644 --- a/example/server/static/auth.html +++ b/example/server/static/auth.html @@ -14,7 +14,7 @@
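Review bot: In the `@@ -141,6 +141,8 @@` hunk of `server.go` the two new log lines advertise `http://localhost`, but the unchanged `http.ListenAndServe(fmt.Sprintf(":%d",portvar), nil)` below them listens on every interface over plain HTTP. For an example server that carries a fixed default client secret and can dump requests, binding to loopback matches what the log claims and keeps it off the network: `log.Fatal(http.ListenAndServe(fmt.Sprintf("127.0.0.1:%d", portvar), nil))`. If remote access is intended, the listen address should be its own flag and the log lines should print it instead of a hard-coded host. `main` begins outside this hunk.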
-
+

Authorize

The client would like to perform actions on your behalf.