修改设备模式使用中的问题

nilorg · Nov 28, 2020 · f4e5451 · f4e5451
1 parent 548f9d9
commit f4e5451
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 38 deletions.
diff --git a/errors.go b/errors.go
@@ -28,10 +28,10 @@ var (
 	ErrInvalidClient = errors.New("invalid_client")
 	// ErrExpiredToken 过期的令牌
 	ErrExpiredToken = errors.New("expired_token")
-	// ErrAuthorizationPending 授权之前
+	// ErrAuthorizationPending 授权待定
 	// https://tools.ietf.org/html/rfc8628#section-3.5
 	ErrAuthorizationPending = errors.New("authorization_pending")
-	// ErrSlowDown 慢下来
+	// ErrSlowDown 轮询太频繁
 	// https://tools.ietf.org/html/rfc8628#section-3.5
 	ErrSlowDown = errors.New("slow_down")
 	// ErrUnsupportedTokenType 不支持的令牌类型
@@ -103,19 +103,19 @@ var (
 	}
 	// ErrStatusCodes ...
 	ErrStatusCodes = map[error]int{
-		ErrInvalidRequest:          http.StatusBadRequest,          // 400
-		ErrUnauthorizedClient:      http.StatusUnauthorized,        // 401
-		ErrAccessDenied:            http.StatusForbidden,           // 403
-		ErrUnsupportedResponseType: http.StatusUnauthorized,        // 401
-		ErrInvalidScope:            http.StatusBadRequest,          // 400
-		ErrServerError:             http.StatusInternalServerError, // 400
-		ErrTemporarilyUnavailable:  http.StatusServiceUnavailable,  // 503
-		ErrInvalidClient:           http.StatusUnauthorized,        // 401
-		ErrInvalidGrant:            http.StatusUnauthorized,        // 401
-		ErrUnsupportedGrantType:    http.StatusUnauthorized,        // 401
-		ErrExpiredToken:            http.StatusUnauthorized,        // 401
-		ErrAuthorizationPending:    http.StatusUnauthorized,        // 401
-		ErrSlowDown:                http.StatusBadRequest,          // 400 https://tools.ietf.org/html/rfc6749#section-5.2
-		ErrUnsupportedTokenType:    http.StatusServiceUnavailable,  // 503 https://tools.ietf.org/html/rfc7009#section-2.2.1
+		ErrInvalidRequest:          http.StatusBadRequest,           // 400
+		ErrUnauthorizedClient:      http.StatusUnauthorized,         // 401
+		ErrAccessDenied:            http.StatusForbidden,            // 403
+		ErrUnsupportedResponseType: http.StatusUnauthorized,         // 401
+		ErrInvalidScope:            http.StatusBadRequest,           // 400
+		ErrServerError:             http.StatusInternalServerError,  // 400
+		ErrTemporarilyUnavailable:  http.StatusServiceUnavailable,   // 503
+		ErrInvalidClient:           http.StatusUnauthorized,         // 401
+		ErrInvalidGrant:            http.StatusUnauthorized,         // 401
+		ErrUnsupportedGrantType:    http.StatusUnauthorized,         // 401
+		ErrExpiredToken:            http.StatusUnauthorized,         // 401
+		ErrAuthorizationPending:    http.StatusPreconditionRequired, // 428
+		ErrSlowDown:                http.StatusForbidden,            // 403 https://tools.ietf.org/html/rfc6749#section-5.2
+		ErrUnsupportedTokenType:    http.StatusServiceUnavailable,   // 503 https://tools.ietf.org/html/rfc7009#section-2.2.1
 	}
 )
diff --git a/examples/server/main.go b/examples/server/main.go
@@ -74,14 +74,14 @@ func main() {
 	srv.RefreshAccessToken = oauth2.NewDefaultRefreshAccessToken([]byte("xxxxx"))
 	srv.ParseAccessToken = oauth2.NewDefaultParseAccessToken([]byte("xxxxx"))
 
-	srv.GenerateDeviceAuthorization = func(issuer, verificationURI, clientID, scope string) (resp *oauth2.DeviceAuthorizationResponse, err error) {
+	srv.GenerateDeviceAuthorization = func(issuer, verificationURI, clientID string, scope []string) (resp *oauth2.DeviceAuthorizationResponse, err error) {
 		resp = &oauth2.DeviceAuthorizationResponse{
-			DeviceCode:            oauth2.RandomCode(),
-			UserCode:              oauth2.RandomUserCode(),
-			VerificationURI:       verificationURI,
-			VerificationURIQrcode: "",
-			ExpiresIn:             0,
-			Interval:              5,
+			DeviceCode:              oauth2.RandomCode(),
+			UserCode:                oauth2.RandomUserCode(),
+			VerificationURI:         issuer + verificationURI,
+			VerificationURIComplete: "",
+			ExpiresIn:               0,
+			Interval:                5,
 		}
 		return
 	}

diff --git a/func.go b/func.go
@@ -33,7 +33,7 @@ type VerifyScopeFunc func(scope []string, clientID string) (err error)
 type GenerateAccessTokenFunc func(issuer, clientID, scope, openID string, code *CodeValue) (token *TokenResponse, err error)
 
 // GenerateDeviceAuthorizationFunc 生成设备授权
-type GenerateDeviceAuthorizationFunc func(issuer, verificationURI, clientID, scope string) (resp *DeviceAuthorizationResponse, err error)
+type GenerateDeviceAuthorizationFunc func(issuer, verificationURI, clientID string, scope []string) (resp *DeviceAuthorizationResponse, err error)
 
 // ParseAccessTokenFunc 解析AccessToken为JwtClaims委托
 type ParseAccessTokenFunc func(accessToken string) (claims *JwtClaims, err error)

diff --git a/models.go b/models.go
@@ -16,12 +16,12 @@ type TokenResponse struct {
 // DeviceAuthorizationResponse Device Authorization Response.
 // https://tools.ietf.org/html/rfc8628#section-3.2
 type DeviceAuthorizationResponse struct {
-	DeviceCode            string `json:"device_code"`
-	UserCode              string `json:"user_code"`
-	VerificationURI       string `json:"verification_uri"`
-	VerificationURIQrcode string `json:"verification_uri_qrcode,omitempty"`
-	ExpiresIn             int64  `json:"expires_in"`
-	Interval              int    `json:"interval"`
+	DeviceCode              string `json:"device_code"`
+	UserCode                string `json:"user_code"`
+	VerificationURI         string `json:"verification_uri"`
+	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
+	ExpiresIn               int64  `json:"expires_in"`
+	Interval                int    `json:"interval"`
 }
 
 // IntrospectionResponse Introspection Response.
@@ -62,11 +62,8 @@ func (code *CodeValue) UnmarshalBinary(data []byte) error {
 
 // DeviceCodeValue device_code值
 type DeviceCodeValue struct {
-	ClientID   string   `json:"client_id"`
-	OpenID     string   `json:"open_id"`
-	DeviceCode string   `json:"device_code"`
-	UserCode   string   `json:"user_code"`
-	Scope      []string `json:"scope"`
+	OpenID string   `json:"open_id"`
+	Scope  []string `json:"scope"`
 }
 
 // MarshalBinary json

diff --git a/server.go b/server.go
@@ -247,6 +247,7 @@ func (srv *Server) HandleToken(w http.ResponseWriter, r *http.Request) {
 
 	var reqClientBasic *ClientBasic
 	var err error
+	var clientID string
 	// explain: https://tools.ietf.org/html/rfc8628#section-3.4 {
 	if grantType != DeviceCodeKey && grantType != UrnIetfParamsOAuthGrantTypeDeviceCodeKey {
 		reqClientBasic, err = RequestClientBasic(r)
@@ -259,8 +260,9 @@ func (srv *Server) HandleToken(w http.ResponseWriter, r *http.Request) {
 			WriterError(w, err)
 			return
 		}
+		clientID = reqClientBasic.ID
 	} else {
-		clientID := r.PostFormValue(ClientIDKey)
+		clientID = r.PostFormValue(ClientIDKey)
 		err = srv.VerifyClientID(clientID)
 		if err != nil {
 			WriterError(w, err)
@@ -269,7 +271,7 @@ func (srv *Server) HandleToken(w http.ResponseWriter, r *http.Request) {
 	}
 
 	scope := r.PostFormValue(ScopeKey)
-	if err = srv.VerifyScope(StringSplit(scope, " "), reqClientBasic.ID); err != nil {
+	if err = srv.VerifyScope(StringSplit(scope, " "), clientID); err != nil {
 		// ErrInvalidScope
 		WriterError(w, err)
 		return
@@ -361,7 +363,7 @@ func (srv *Server) authorizeImplicit(clientID, scope, openID string) (token *Tok
 
 // 设备模式（Device Code）
 func (srv *Server) authorizeDeviceCode(clientID, scope string) (resp *DeviceAuthorizationResponse, err error) {
-	resp, err = srv.GenerateDeviceAuthorization(srv.opts.Issuer, srv.opts.DeviceVerificationURI, clientID, scope)
+	resp, err = srv.GenerateDeviceAuthorization(srv.opts.Issuer, srv.opts.DeviceVerificationURI, clientID, StringSplit(scope, " "))
 	return
 }