Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(43)

Side by Side Diff: pkg/oauth2/lib/src/handle_access_token_response.dart

Issue 11420025: Add a package for authenticating via OAuth2. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Code review changes Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
(Empty)
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file.
4
5 library handle_access_token_response;
6
7 import 'dart:io';
8 import 'dart:json';
9 import 'dart:uri';
10
11 import '../../../http/lib/http.dart' as http;
12
13 import 'credentials.dart';
14 import 'authorization_exception.dart';
15
16 /// The amount of time, in seconds, to add as a "grace period" for credential
17 /// expiration. This allows credential expiration checks to remain valid for a
18 /// reasonable amount of time.
19 const _EXPIRATION_GRACE = 10;
20
21 /// Handles a response from the authorization server that contains an access
22 /// token. This response format is common across several different components of
23 /// the OAuth2 flow.
24 Credentials handleAccessTokenResponse(
25 http.Response response,
26 Uri tokenEndpoint,
27 Date startTime,
28 List<String> scopes) {
29 if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint);
30
31 void validate(bool condition, String message) =>
32 _validate(response, tokenEndpoint, condition, message);
33
34 var contentType = response.headers['content-type'];
35 if (contentType != null) {
36 contentType = new ContentType.fromString(contentType);
37 }
38 validate(contentType != null && contentType.value == "application/json",
39 'content-type was "$contentType", expected "application/json"');
40
41 var parameters;
42 try {
43 parameters = JSON.parse(response.body);
44 } catch (e) {
45 validate(false, 'invalid JSON');
46 }
47
48 for (var requiredParameter in ['access_token', 'token_type']) {
49 validate(parameters.containsKey(requiredParameter),
50 'did not contain required parameter "$requiredParameter"');
51 validate(parameters[requiredParameter] is String,
52 'required parameter "$requiredParameter" was not a string, was '
53 '"${parameters[requiredParameter]}"');
54 }
55
56 // TODO(nweiz): support the "mac" token type
57 // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01)
58 validate(parameters['token_type'].toLowerCase() == 'bearer',
59 '"$tokenEndpoint": unknown token type "${parameters['token_type']}"');
60
61 var expiresIn = parameters['expires_in'];
62 validate(expiresIn == null || expiresIn is int,
63 'parameter "expires_in" was not an int, was "$expiresIn"');
64
65 for (var name in ['refresh_token', 'scope']) {
66 var value = parameters[name];
67 validate(value == null || value is String,
68 'parameter "$name" was not a string, was "$value"');
69 }
70
71 var scope = parameters['scope'];
72 if (scope != null) scopes = scope.split(" ");
73
74 var expiration = expiresIn == null ? null :
75 startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE));
76
77 return new Credentials(
78 parameters['access_token'],
79 parameters['refresh_token'],
80 tokenEndpoint,
81 scopes,
82 expiration);
83 }
84
85 /// Throws the appropriate exception for an error response from the
86 /// authorization server.
87 void _handleErrorResponse(http.Response response, Uri tokenEndpoint) {
88 void validate(bool condition, String message) =>
89 _validate(response, tokenEndpoint, condition, message);
90
91 // OAuth2 mandates a 400 or 401 response code for access token error
92 // responses. If it's not a 400 reponse, the server is either broken or
93 // off-spec.
94 if (response.statusCode != 400 && response.statusCode != 401) {
95 var reason = '';
96 if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) {
97 ' ${response.reasonPhrase}';
98 }
99 throw new FormatException('OAuth request for "$tokenEndpoint" failed '
100 'with status ${response.statusCode}$reason.\n\n${response.body}');
101 }
102
103 var contentType = response.headers['content-type'];
104 if (contentType != null) {
105 contentType = new ContentType.fromString(contentType);
106 }
107 validate(contentType != null && contentType.value == "application/json",
108 'content-type was "$contentType", expected "application/json"');
109
110 var parameters;
111 try {
112 parameters = JSON.parse(response.body);
113 } catch (e) {
114 validate(false, 'invalid JSON');
115 }
116
117 validate(parameters.containsKey('error'),
118 'did not contain required parameter "error"');
119 validate(parameters["error"] is String,
120 'required parameter "error" was not a string, was '
121 '"${parameters["error"]}"');
122
123 for (var name in ['error_description', 'error_uri']) {
124 var value = parameters[name];
125 validate(value == null || value is String,
126 'parameter "$name" was not a string, was "$value"');
127 }
128
129 var description = parameters['error_description'];
130 var uriString = parameters['error_uri'];
131 var uri = uriString == null ? null : new Uri.fromString(uriString);
132 throw new AuthorizationException(parameters['error'], description, uri);
133 }
134
135 void _validate(
136 http.Response response,
137 Uri tokenEndpoint,
138 bool condition,
139 String message) {
140 if (condition) return;
141 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
142 '$message.\n\n${response.body}');
143 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698