Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(221)

Side by Side Diff: pkg/oauth2/lib/src/handle_access_token_response.dart

Issue 11420025: Add a package for authenticating via OAuth2. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Misc fixes Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
(Empty)
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file.
4
5 library handle_access_token_response;
6
7 import 'dart:io';
8 import 'dart:json';
9 import 'dart:uri';
10
11 import '../../../http/lib/http.dart' as http;
12
13 import 'credentials.dart';
14 import 'authorization_exception.dart';
15
16 /// The amount of time, in seconds, to add as a "grace period" for credential
17 /// expiration. This allows credential expiration checks to remain valid for a
18 /// reasonable amount of time.
19 final int _EXPIRATION_GRACE = 10;
Bob Nystrom 2012/11/16 19:53:30 "final int" -> "const".
nweiz 2012/11/17 01:06:27 Done.
20
21 /// Handles a response from the authorization server that contains an access
22 /// token. This response format is common across several different components of
23 /// the OAuth2 flow.
24 Credentials handleAccessTokenResponse(
25 http.Response response,
26 Uri tokenEndpoint,
27 Date startTime,
28 List<String> scopes) {
29 if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint);
30
31 var contentType = response.headers['content-type'];
32 if (contentType != null) {
33 contentType = new ContentType.fromString(contentType);
34 }
35 if (contentType == null || contentType.value != "application/json") {
36 throw new FormatException('Invalid OAuth response for '
37 '"$tokenEndpoint": content-type was "$contentType", expected '
38 '"application/json".');
39 }
40
41 var parameters;
42 try {
43 parameters = JSON.parse(response.body);
44 } catch (e) {
Bob Nystrom 2012/11/16 19:53:30 Restrict this: } on FormatException catch (e) {
nweiz 2012/11/17 01:06:27 JSON.parse doesn't throw a FormatException :-/.
Bob Nystrom 2012/11/19 21:37:10 Restrict it to a JSONParseException? We definitely
nweiz 2012/11/19 22:20:11 It doesn't throw a JSONParseException either :-/.
45 throw new FormatException('Invalid OAuth response for '
46 '"$tokenEndpoint": invalid JSON.\n\n${response.body}');
Bob Nystrom 2012/11/16 19:53:30 How about a helper function for all of these throw
nweiz 2012/11/17 01:06:27 Done.
47 }
48
49 for (var requiredParameter in ['access_token', 'token_type']) {
50 if (!parameters.containsKey(requiredParameter)) {
51 throw new FormatException('Invalid OAuth response for '
52 '"$tokenEndpoint": did not contain required parameter '
53 '"$requiredParameter".\n\n${response.body}');
54 } else if (parameters[requiredParameter] is! String) {
55 throw new FormatException('Invalid OAuth response for '
56 '"$tokenEndpoint": required parameter "$requiredParameter" was '
57 'not a string, was "${parameters[requiredParameter]}".\n\n'
58 '${response.body}');
59 }
60 }
61
62 // TODO(nweiz): support the "mac" token type
63 // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01)
64 if (parameters['token_type'].toLowerCase() != 'bearer') {
65 throw new FormatException('Invalid OAuth response for '
66 '"$tokenEndpoint": unknown token type '
67 '"${parameters['token_type']}".\n\n${response.body}');
68 }
69
70 var expiresIn = parameters['expires_in'];
71 if (expiresIn != null && expiresIn is! int) {
72 throw new FormatException('Invalid OAuth response for '
73 '"$tokenEndpoint": parameter "expires_in" was not an int, was '
74 '"$expiresIn".\n\n${response.body}');
75 }
76
77 for (var name in ['refresh_token', 'scope']) {
78 var value = parameters[name];
79 if (value == null || value is String) continue;
80 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
81 'parameter "$name" was not a string, was "$value".\n\n'
82 '${response.body}');
83 }
84
85 var scope = parameters['scope'];
86 if (scope != null) scopes = scope.split(" ");
87
88 var expiration = expiresIn == null ? null :
89 startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE));
90
91 return new Credentials(
92 parameters['access_token'],
93 parameters['refresh_token'],
94 tokenEndpoint,
95 scopes,
96 expiration);
97 }
98
99 /// Throws the appropriate exception for an error response from the
100 /// authorization server.
101 void _handleErrorResponse(http.Response response, Uri tokenEndpoint) {
102 // OAuth2 mandates a 400 or 401 response code for access token error
103 // responses. If it's not a 400 reponse, the server is either broken or
104 // off-spec.
105 if (response.statusCode != 400 && response.statusCode != 401) {
106 var reason = '';
107 if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) {
108 ' ${response.reasonPhrase}';
109 }
110 throw new FormatException('OAuth request for "$tokenEndpoint" failed '
111 'with status ${response.statusCode}$reason.\n\n${response.body}');
112 }
113
114 var contentType = response.headers['content-type'];
115 if (contentType != null) {
116 contentType = new ContentType.fromString(contentType);
117 }
118 if (contentType == null || contentType.value != "application/json") {
119 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
120 'content-type was "$contentType", expected "application/json".');
121 }
122
123 var parameters;
124 try {
125 parameters = JSON.parse(response.body);
126 } catch (e) {
127 throw new FormatException('Invalid OAuth response for '
128 '"$tokenEndpoint": invalid JSON.\n\n${response.body}');
129 }
130
131 if (!parameters.containsKey('error')) {
132 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
133 'did not contain required parameter "error".\n\n${response.body}');
134 } else if (parameters["error"] is! String) {
135 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
136 'required parameter "error" was not a string, was '
137 '"${parameters["error"]}"\n\n${response.body}.');
138 }
139
140 for (var name in ['error_description', 'error_uri']) {
141 var value = parameters[name];
142 if (value == null || value is String) continue;
143 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
144 'parameter "$name" was not a string, was "$value".\n\n'
145 '${response.body}');
146 }
147
148 var description = parameters['error_description'];
149 var uriString = parameters['error_uri'];
150 var uri = uriString == null ? null : new Uri.fromString(uriString);
151 throw new AuthorizationException(parameters['error'], description, uri);
152 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698