
Merge pull request #35 from danielwhite/authorize-resource-owner

Allow authorization with a previously authenticated resource owner
2 parents 1b9bf32 + 6f97f22 commit ff59c3389063ad47ff0b8928a1d4724bacd73b98 @bipthelin bipthelin committed Jan 23, 2014
Showing with 37 additions and 10 deletions.
  1. +18 −10 src/oauth2.erl
  2. +19 −0 test/oauth2_tests.erl
@@ -24,6 +24,7 @@
%%%_* Exports ==========================================================
%%%_ * API -------------------------------------------------------------
-export([authorize_password/4]).
+-export([authorize_resource_owner/3]).
-export([authorize_client_credentials/4]).
-export([authorize_code_grant/5]).
-export([authorize_code_request/6]).
@@ -76,16 +77,23 @@ authorize_password(UId, Pwd, Scope, AppCtx1) ->
case ?BACKEND:authenticate_username_password(UId, Pwd, AppCtx1) of
{error, _} -> {error, access_denied};
{ok, {AppCtx2, ResOwner}} ->
- case ?BACKEND:verify_resowner_scope(ResOwner, Scope, AppCtx2) of
- {error, _} -> {error, invalid_scope};
- {ok, {AppCtx3, Scope2}} ->
- {ok, { AppCtx3
- , #authorization{
- resowner = ResOwner
- , scope = Scope2
- , ttl = oauth2_config:expiry_time(
- password_credentials) } }}
- end
+ authorize_resource_owner(ResOwner, Scope, AppCtx2)
+ end.
+
+%% @doc Authorizes a previously authenticated resource owner. Useful
+%% for Resource Owner Password Credentials Grant and Implicit Grant.
+-spec authorize_resource_owner(term(), scope(), appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
+authorize_resource_owner(ResOwner, Scope, AppCtx1) ->
+ case ?BACKEND:verify_resowner_scope(ResOwner, Scope, AppCtx1) of
+ {error, _} -> {error, invalid_scope};
+ {ok, {AppCtx2, Scope2}} ->
+ {ok, { AppCtx2
+ , #authorization{
+ resowner = ResOwner
+ , scope = Scope2
+ , ttl = oauth2_config:expiry_time(
+ password_credentials) } }}
end.
%% @doc Authorize client via its own credentials, i.e., a combination
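Review bot: The newly exported `authorize_resource_owner/3` mints an `#authorization{}` for whatever `ResOwner` term it receives, with only the scope checked through `?BACKEND:verify_resowner_scope/3`; nothing in the clause enforces the "previously authenticated" precondition stated in its `@doc`, so every external caller becomes the trust boundary for that argument. That deserves an explicit line above the function: `%% The caller must already have authenticated ResOwner (e.g. via authorize_password/4); no credential check is performed here.` The `ttl` is also fixed to `oauth2_config:expiry_time(password_credentials)` even though the docstring offers the function for the Implicit Grant, so an implicit-grant caller would get the password-grant expiry; either document that limitation or take the grant type as a parameter. The head of `authorize_password/4` sits just outside this hunk (it appears only in the `@@` context).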
@@ -76,6 +76,25 @@ bad_authorize_password_test_() ->
]
end}.
+authorize_resource_owner_test_() ->
+ {setup,
+ fun start/0,
+ fun stop/1,
+ fun(_) ->
+ [
+ ?_assertMatch({ok, _},
+ oauth2:authorize_resource_owner(
+ {user, 31337},
+ [<<"xyz">>],
+ foo_context)),
+ ?_assertMatch({error, invalid_scope},
+ oauth2:authorize_resource_owner(
+ {user, 31337},
+ <<"bad_scope">>,
+ foo_context))
+ ]
+ end}.
+
bad_authorize_client_credentials_test_() ->
{setup,
fun start/0,
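Review bot: The positive case in `authorize_resource_owner_test_/0` asserts only `{ok, _}`, so it would still pass if the function returned an authorization for a different owner or with the unverified scope; matching the record fields pins the contract, e.g. `?_assertMatch({ok, {_, #authorization{resowner = {user, 31337}, scope = [<<"xyz">>]}}}, ...)`, provided the test module includes the record definition (not visible in this hunk). The negative case relies on the mock backend behind `verify_resowner_scope` rejecting `<<"bad_scope">>`, and that mock together with `start/0`, `stop/1` and `foo_context` is defined outside the hunk, so whether the rejection is about the scope's shape (binary vs. list) or its value cannot be read from this change; a short comment on the assertion saying which would help the next reader. The enclosing `bad_authorize_client_credentials_test_/0` continues past the hunk.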
