-
Notifications
You must be signed in to change notification settings - Fork 138
/
password.ex
54 lines (46 loc) · 1.9 KB
/
password.ex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
defmodule OAuth2.Strategy.Password do
@moduledoc """
The Resource Owner Password Credentials Authorization Strategy.
http://tools.ietf.org/html/rfc6749#section-1.3.3
The resource owner password credentials (i.e., username and password)
can be used directly as an authorization grant to obtain an access
token. The credentials should only be used when there is a high
degree of trust between the resource owner and the client (e.g., the
client is part of the device operating system or a highly privileged
application), and when other authorization grant types are not
available (such as an authorization code).
Even though this grant type requires direct client access to the
resource owner credentials, the resource owner credentials are used
for a single request and are exchanged for an access token. This
grant type can eliminate the need for the client to store the
resource owner credentials for future use, by exchanging the
credentials with a long-lived access token or refresh token.
"""
use OAuth2.Strategy
@doc """
Not used for this strategy.
"""
@impl true
def authorize_url(_client, _params) do
raise OAuth2.Error, reason: "This strategy does not implement `authorize_url`."
end
@doc """
Retrieve an access token given the specified End User username and password.
"""
@impl true
def get_token(client, params, headers) do
{username, params} = Keyword.pop(params, :username, client.params["username"])
{password, params} = Keyword.pop(params, :password, client.params["password"])
unless username && password do
raise OAuth2.Error,
reason: "Missing required keys `username` and `password` for #{inspect(__MODULE__)}"
end
client
|> put_param(:username, username)
|> put_param(:password, password)
|> put_param(:grant_type, "password")
|> merge_params(params)
|> basic_auth()
|> put_headers(headers)
end
end