

Allow authorization with a previously authenticated resource owner #35

Merged

@danielwhite

This adds a new function authorize_resource_owner/3 for establishing
authorization where the resource owner has already been authenticated.
Useful in the case where the Authentication Server is separate to the
Authorization Server.

@danielwhite danielwhite Allow authorization with a previously authenticated resource owner
This adds a new function `authorize_resource_owner/3` for establishing
authorization where the resource owner has already been authenticated.
Useful in the case where the Authentication Server is separate to the
Authorization Server.
6f97f22
@bipthelin bipthelin merged commit ff59c33 into kivra:master

@bipthelin

Good stuff !

Commits on Jan 23, 2014
  1. @danielwhite

    Allow authorization with a previously authenticated resource owner

    danielwhite committed
    This adds a new function `authorize_resource_owner/3` for establishing
    authorization where the resource owner has already been authenticated.
    Useful in the case where the Authentication Server is separate to the
    Authorization Server.
Showing with 37 additions and 10 deletions.
  1. +18 −10 src/oauth2.erl
  2. +19 −0 test/oauth2_tests.erl
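--- a/src/oauth2.erl
+++ b/src/oauth2.erl
@@ -24,6 +24,7 @@
 %%%_* Exports ==========================================================
 %%%_ * API -------------------------------------------------------------
 -export([authorize_password/4]).
+-export([authorize_resource_owner/3]).
 -export([authorize_client_credentials/4]).
 -export([authorize_code_grant/5]).
 -export([authorize_code_request/6]).
@@ -76,16 +77,23 @@ authorize_password(UId, Pwd, Scope, AppCtx1) ->
 case ?BACKEND:authenticate_username_password(UId, Pwd, AppCtx1) of
 {error, _} -> {error, access_denied};
 {ok, {AppCtx2, ResOwner}} ->
- case ?BACKEND:verify_resowner_scope(ResOwner, Scope, AppCtx2) of
- {error, _} -> {error, invalid_scope};
- {ok, {AppCtx3, Scope2}} ->
- {ok, { AppCtx3
- , #authorization{
- resowner = ResOwner
- , scope = Scope2
- , ttl = oauth2_config:expiry_time(
- password_credentials) } }}
- end
+ authorize_resource_owner(ResOwner, Scope, AppCtx2)
+ end.
+
+%% @doc Authorizes a previously authenticated resource owner. Useful
+%% for Resource Owner Password Credentials Grant and Implicit Grant.
+-spec authorize_resource_owner(term(), scope(), appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
+authorize_resource_owner(ResOwner, Scope, AppCtx1) ->
+ case ?BACKEND:verify_resowner_scope(ResOwner, Scope, AppCtx1) of
+ {error, _} -> {error, invalid_scope};
+ {ok, {AppCtx2, Scope2}} ->
+ {ok, { AppCtx2
+ , #authorization{
+ resowner = ResOwner
+ , scope = Scope2
+ , ttl = oauth2_config:expiry_time(
+ password_credentials) } }}
 end.
 %% @doc Authorize client via its own credentials, i.e., a combination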
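Review bot: The `@doc` on the new `authorize_resource_owner/3` should state that the caller is responsible for having authenticated `ResOwner` over a trusted path, because the function is exported, skips `?BACKEND:authenticate_username_password/3` entirely and builds an `#authorization{}` after checking nothing but the requested scope. A second point in the same clause: `ttl` is always `oauth2_config:expiry_time(password_credentials)`, yet the doc recommends the function for the Implicit Grant as well, so an implicit-grant caller inherits the password-credentials token lifetime; either document this or take the grant type as a parameter so each grant can use its own configured expiry. Suggested wording for the docstring: `%% The caller must already have authenticated ResOwner; only the requested scope is verified here, and the returned ttl is always the password_credentials expiry.`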
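--- a/test/oauth2_tests.erl
+++ b/test/oauth2_tests.erl
@@ -76,6 +76,25 @@ bad_authorize_password_test_() ->
 ]
 end}.
+authorize_resource_owner_test_() ->
+ {setup,
+ fun start/0,
+ fun stop/1,
+ fun(_) ->
+ [
+ ?_assertMatch({ok, _},
+ oauth2:authorize_resource_owner(
+ {user, 31337},
+ [<<"xyz">>],
+ foo_context)),
+ ?_assertMatch({error, invalid_scope},
+ oauth2:authorize_resource_owner(
+ {user, 31337},
+ <<"bad_scope">>,
+ foo_context))
+ ]
+ end}.
+
 bad_authorize_client_credentials_test_() ->
 {setup,
 fun start/0,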
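Review bot: The success case in `authorize_resource_owner_test_/0` asserts only the tag `{ok, _}`, so a regression that stores the wrong resource owner or an unverified scope in the returned `#authorization{}` would still pass; pinning the payload, e.g. `?_assertMatch({ok, {_, #authorization{resowner = {user, 31337}, scope = [<<"xyz">>]}}}, ...)`, would make the test guard the contract, provided the record definition is visible to the test module. The negative case only exercises a rejected scope; if the test backend distinguishes unknown resource owners, a case passing one would document whether scope verification is the sole check the function performs. The generator is complete within the hunk; `bad_authorize_client_credentials_test_/0` continues past it.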