| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 library handle_access_token_response; |
| 6 |
| 7 import 'dart:io'; |
| 8 import 'dart:json'; |
| 9 import 'dart:uri'; |
| 10 |
| 11 import '../../../http/lib/http.dart' as http; |
| 12 |
| 13 import 'credentials.dart'; |
| 14 import 'authorization_exception.dart'; |
| 15 |
| 16 /// The amount of time, in seconds, to add as a "grace period" for credential |
| 17 /// expiration. This allows credential expiration checks to remain valid for a |
| 18 /// reasonable amount of time. |
| 19 const _EXPIRATION_GRACE = 10; |
| 20 |
| 21 /// Handles a response from the authorization server that contains an access |
| 22 /// token. This response format is common across several different components of |
| 23 /// the OAuth2 flow. |
| 24 Credentials handleAccessTokenResponse( |
| 25 http.Response response, |
| 26 Uri tokenEndpoint, |
| 27 Date startTime, |
| 28 List<String> scopes) { |
| 29 if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint); |
| 30 |
| 31 void validate(bool condition, String message) => |
| 32 _validate(response, tokenEndpoint, condition, message); |
| 33 |
| 34 var contentType = response.headers['content-type']; |
| 35 if (contentType != null) { |
| 36 contentType = new ContentType.fromString(contentType); |
| 37 } |
| 38 validate(contentType != null && contentType.value == "application/json", |
| 39 'content-type was "$contentType", expected "application/json"'); |
| 40 |
| 41 var parameters; |
| 42 try { |
| 43 parameters = JSON.parse(response.body); |
| 44 } catch (e) { |
| 45 validate(false, 'invalid JSON'); |
| 46 } |
| 47 |
| 48 for (var requiredParameter in ['access_token', 'token_type']) { |
| 49 validate(parameters.containsKey(requiredParameter), |
| 50 'did not contain required parameter "$requiredParameter"'); |
| 51 validate(parameters[requiredParameter] is String, |
| 52 'required parameter "$requiredParameter" was not a string, was ' |
| 53 '"${parameters[requiredParameter]}"'); |
| 54 } |
| 55 |
| 56 // TODO(nweiz): support the "mac" token type |
| 57 // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01) |
| 58 validate(parameters['token_type'].toLowerCase() == 'bearer', |
| 59 '"$tokenEndpoint": unknown token type "${parameters['token_type']}"'); |
| 60 |
| 61 var expiresIn = parameters['expires_in']; |
| 62 validate(expiresIn == null || expiresIn is int, |
| 63 'parameter "expires_in" was not an int, was "$expiresIn"'); |
| 64 |
| 65 for (var name in ['refresh_token', 'scope']) { |
| 66 var value = parameters[name]; |
| 67 validate(value == null || value is String, |
| 68 'parameter "$name" was not a string, was "$value"'); |
| 69 } |
| 70 |
| 71 var scope = parameters['scope']; |
| 72 if (scope != null) scopes = scope.split(" "); |
| 73 |
| 74 var expiration = expiresIn == null ? null : |
| 75 startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE)); |
| 76 |
| 77 return new Credentials( |
| 78 parameters['access_token'], |
| 79 parameters['refresh_token'], |
| 80 tokenEndpoint, |
| 81 scopes, |
| 82 expiration); |
| 83 } |
| 84 |
| 85 /// Throws the appropriate exception for an error response from the |
| 86 /// authorization server. |
| 87 void _handleErrorResponse(http.Response response, Uri tokenEndpoint) { |
| 88 void validate(bool condition, String message) => |
| 89 _validate(response, tokenEndpoint, condition, message); |
| 90 |
| 91 // OAuth2 mandates a 400 or 401 response code for access token error |
| 92 // responses. If it's not a 400 reponse, the server is either broken or |
| 93 // off-spec. |
| 94 if (response.statusCode != 400 && response.statusCode != 401) { |
| 95 var reason = ''; |
| 96 if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) { |
| 97 ' ${response.reasonPhrase}'; |
| 98 } |
| 99 throw new FormatException('OAuth request for "$tokenEndpoint" failed ' |
| 100 'with status ${response.statusCode}$reason.\n\n${response.body}'); |
| 101 } |
| 102 |
| 103 var contentType = response.headers['content-type']; |
| 104 if (contentType != null) { |
| 105 contentType = new ContentType.fromString(contentType); |
| 106 } |
| 107 validate(contentType != null && contentType.value == "application/json", |
| 108 'content-type was "$contentType", expected "application/json"'); |
| 109 |
| 110 var parameters; |
| 111 try { |
| 112 parameters = JSON.parse(response.body); |
| 113 } catch (e) { |
| 114 validate(false, 'invalid JSON'); |
| 115 } |
| 116 |
| 117 validate(parameters.containsKey('error'), |
| 118 'did not contain required parameter "error"'); |
| 119 validate(parameters["error"] is String, |
| 120 'required parameter "error" was not a string, was ' |
| 121 '"${parameters["error"]}"'); |
| 122 |
| 123 for (var name in ['error_description', 'error_uri']) { |
| 124 var value = parameters[name]; |
| 125 validate(value == null || value is String, |
| 126 'parameter "$name" was not a string, was "$value"'); |
| 127 } |
| 128 |
| 129 var description = parameters['error_description']; |
| 130 var uriString = parameters['error_uri']; |
| 131 var uri = uriString == null ? null : new Uri.fromString(uriString); |
| 132 throw new AuthorizationException(parameters['error'], description, uri); |
| 133 } |
| 134 |
| 135 void _validate( |
| 136 http.Response response, |
| 137 Uri tokenEndpoint, |
| 138 bool condition, |
| 139 String message) { |
| 140 if (condition) return; |
| 141 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' |
| 142 '$message.\n\n${response.body}'); |
| 143 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11420025:
Add a package for authenticating via OAuth2. (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart