All of the examples show how to create authorization codes and access tokens, but there is no example to show how to actually verify the access token on an incoming http request. I looked through the library and think the functionality may be missing since it's more than just calling the storage's GetAccessTokenSession, but wanted to discuss first to see if I had missed it.
In case anyone comes across this in the meantime, I was able to get this working with the code below, but wasn't able to get the signature validation against the bearer token working ahead of the storage lookup... the client (secret) isn't available off of just an access token.
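```go
// Parse the bearer token; its signature part is the storage lookup key.
accessChallenge := &enigma.Challenge{}
accessChallenge.FromString(bearerToken)

// Look up the session stored for this signature; an error means the token is not valid.
var session oauth.Session
ar, err := store.GetAccessTokenSession(accessChallenge.Signature, &core.TokenSession{Extra: &session})
if err != nil {
	api.GetError(OAuthInvalidAccessTokenError).Send(c)
	return
}
// Token is valid
```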
Hey @cristiangraz yes indeed, not having the client secret around is actually a problem with validating the token cryptographically using HMACSHA. Maybe #18 will suit you better?
I'd like to keep the client secret for validating the tokens because it enables us to invalidate tokens when the secret changes.
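The check order this thread arrives at (look up the stored session by signature, then recompute the HMAC with that client's current secret), as an added example using only the Go standard library. It is not the library's code; the `key.signature` token layout, the in-memory maps and the names `Issue` and `Verify` are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Hypothetical in-memory stores with constructed values; not the library's storage interface.
var (
	secrets    = map[string][]byte{"app1": []byte("constructed-secret")} // client ID -> current secret
	sessions   = map[string]string{}                                     // token signature -> client ID
	errInvalid = fmt.Errorf("invalid access token")
)

func sign(key string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(key))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Issue stores the session under the signature and returns "key.signature".
func Issue(clientID, key string) string {
	sig := sign(key, secrets[clientID])
	sessions[sig] = clientID
	return key + "." + sig
}

// Verify checks an Authorization header value; the lookup runs first because only the session names the client.
func Verify(header string) (string, error) {
	parts := strings.Split(strings.TrimPrefix(header, "Bearer "), ".")
	if !strings.HasPrefix(header, "Bearer ") || len(parts) != 2 {
		return "", errInvalid
	}
	clientID, ok := sessions[parts[1]] // storage lookup by signature
	if !ok || !hmac.Equal([]byte(sign(parts[0], secrets[clientID])), []byte(parts[1])) {
		return "", errInvalid // unknown token, altered key, or secret changed since issue
	}
	return clientID, nil
}

func main() {
	tok := Issue("app1", "constructed-random-key")
	fmt.Println(Verify("Bearer " + tok))
	secrets["app1"] = []byte("rotated-secret") // rotation invalidates the stored token
	fmt.Println(Verify("Bearer " + tok))
}
```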