package internal
import (
"errors"
"net/url"
)
// Sentinel errors declared for OAuth 2.0 client checks.
var (
	// ErrNotIdenticalRedirectURI is returned by Client.IdenticalRedirectURI when
	// the given redirect URI equals none of the client's registered ones.
	ErrNotIdenticalRedirectURI = errors.New("not identical redirect uri")
	// ErrClientNotAuthenticated is not returned anywhere in this file; going by
	// its message it reports a failed client authentication.
	ErrClientNotAuthenticated = errors.New("client not authenticated")
	// ErrClientCredentialNotAllowed is not returned anywhere in this file.
	// NOTE(review): presumably raised when a client presents credentials it is
	// not permitted to use — confirm against the code that returns it.
	ErrClientCredentialNotAllowed = errors.New("client credential not allowed")
)
// ClientType is the kind of an OAuth 2.0 client, stored as a string.
// NOTE(review): "confidential" and "public" look like the client types of
// RFC 6749 Section 2.1 — confirm.
type ClientType string

const (
	// ClientTypeUnknown is the value "unknown". Where it is assigned is not
	// visible in this file; code that decides whether a secret is required
	// should handle it explicitly rather than fall through.
	ClientTypeUnknown ClientType = "unknown"
	// ClientTypeConfidential is the value "confidential".
	ClientTypeConfidential ClientType = "confidential"
	// ClientTypePublic is the value "public".
	ClientTypePublic ClientType = "public"
)
// Client represents an OAuth 2.0 client.
type Client struct {
	// ID is a unique string and is exposed to the public.
	ID string
	// Type is the client's ClientType.
	Type ClientType
	// secret is used for the HTTP Basic Authentication Scheme [RFC2617].
	// It is held as a *HashedPassword (declared elsewhere) and is unexported,
	// so code outside this package cannot read it through the struct.
	//
	// [RFC2617]: https://www.rfc-editor.org/rfc/rfc2617.html
	secret *HashedPassword
	// redirectURIs are the client's registered redirect URIs, expected to be
	// absolute URIs [RFC6749 Section3.1.2]. IdenticalRedirectURI compares a
	// candidate against this list.
	// NOTE(review): nothing in this file checks that the entries are absolute;
	// confirm where that is validated.
	//
	// [RFC6749 Section3.1.2]: https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2
	redirectURIs []url.URL
}
// AuthenticatedClient is a Client that has passed client authentication. Per
// the original note it is produced by the ClientAuthenticator#Authenticate
// method, which is not part of this file.
//
// Code that must only run for an authenticated client can accept this type
// instead of *Client, so that passing an unauthenticated client by mistake
// does not compile.
// NOTE(review): the embedded *Client is an exported field, so any code that
// can name this type can also build AuthenticatedClient{Client: c} directly;
// the guarantee rests on Authenticate being the only place that constructs
// it — confirm.
type AuthenticatedClient struct {
	*Client
}
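// NewClient builds a Client from an identifier, a client type, an already
// hashed secret and the client's registered redirect URIs.
//
// The redirectURIs slice is copied, so a caller that keeps and later modifies
// its own slice cannot change the set of URIs that IdenticalRedirectURI
// accepts. The returned error is always nil at present.
//
// NOTE(review): no argument is validated here. The Client type documents
// redirectURIs as absolute URIs, but that is not checked in this function;
// confirm the caller enforces it before registration.
func NewClient(id string, clientType ClientType, hashedPassword *HashedPassword, redirectURIs []url.URL) (*Client, error) {
	// Detach from the caller's backing array; a nil or empty input yields a
	// nil slice, which ranges the same as an empty one.
	registered := append([]url.URL(nil), redirectURIs...)

	c := &Client{
		ID:           id,
		Type:         clientType,
		secret:       hashedPassword,
		redirectURIs: registered,
	}
	return c, nil
}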
// IdenticalRedirectURI checks that redirectURI is one of the client's
// registered redirect URIs.
//
// Two URIs match only when their serialized forms (url.URL.String) are equal;
// there is no prefix, wildcard or host-only matching, so a URI the client
// never registered is not accepted. It returns nil on a match and
// ErrNotIdenticalRedirectURI otherwise, including when the client has no
// registered redirect URIs.
func (c *Client) IdenticalRedirectURI(redirectURI url.URL) error {
	// Serialize the candidate once; it does not change between comparisons.
	want := redirectURI.String()
	for i := range c.redirectURIs {
		if c.redirectURIs[i].String() != want {
			continue
		}
		return nil
	}
	return ErrNotIdenticalRedirectURI
}