Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1322)

Unified Diff: pkg/oauth2/lib/src/handle_access_token_response.dart

Issue 11420025: Add a package for authenticating via OAuth2. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Code review changes Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: pkg/oauth2/lib/src/handle_access_token_response.dart
diff --git a/pkg/oauth2/lib/src/handle_access_token_response.dart b/pkg/oauth2/lib/src/handle_access_token_response.dart
new file mode 100644
index 0000000000000000000000000000000000000000..af94f911f5d34027d8068aaba14f13204484c9b4
--- /dev/null
+++ b/pkg/oauth2/lib/src/handle_access_token_response.dart
@@ -0,0 +1,143 @@
+// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+library handle_access_token_response;
+
+import 'dart:io';
+import 'dart:json';
+import 'dart:uri';
+
+import '../../../http/lib/http.dart' as http;
+
+import 'credentials.dart';
+import 'authorization_exception.dart';
+
+/// The amount of time, in seconds, to add as a "grace period" for credential
+/// expiration. This allows credential expiration checks to remain valid for a
+/// reasonable amount of time.
+const _EXPIRATION_GRACE = 10;
+
+/// Handles a response from the authorization server that contains an access
+/// token. This response format is common across several different components of
+/// the OAuth2 flow.
+Credentials handleAccessTokenResponse(
+ http.Response response,
+ Uri tokenEndpoint,
+ Date startTime,
+ List<String> scopes) {
+ if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint);
+
+ void validate(bool condition, String message) =>
+ _validate(response, tokenEndpoint, condition, message);
+
+ var contentType = response.headers['content-type'];
+ if (contentType != null) {
+ contentType = new ContentType.fromString(contentType);
+ }
+ validate(contentType != null && contentType.value == "application/json",
+ 'content-type was "$contentType", expected "application/json"');
+
+ var parameters;
+ try {
+ parameters = JSON.parse(response.body);
+ } catch (e) {
+ validate(false, 'invalid JSON');
+ }
+
+ for (var requiredParameter in ['access_token', 'token_type']) {
+ validate(parameters.containsKey(requiredParameter),
+ 'did not contain required parameter "$requiredParameter"');
+ validate(parameters[requiredParameter] is String,
+ 'required parameter "$requiredParameter" was not a string, was '
+ '"${parameters[requiredParameter]}"');
+ }
+
+ // TODO(nweiz): support the "mac" token type
+ // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01)
+ validate(parameters['token_type'].toLowerCase() == 'bearer',
+ '"$tokenEndpoint": unknown token type "${parameters['token_type']}"');
+
+ var expiresIn = parameters['expires_in'];
+ validate(expiresIn == null || expiresIn is int,
+ 'parameter "expires_in" was not an int, was "$expiresIn"');
+
+ for (var name in ['refresh_token', 'scope']) {
+ var value = parameters[name];
+ validate(value == null || value is String,
+ 'parameter "$name" was not a string, was "$value"');
+ }
+
+ var scope = parameters['scope'];
+ if (scope != null) scopes = scope.split(" ");
+
+ var expiration = expiresIn == null ? null :
+ startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE));
+
+ return new Credentials(
+ parameters['access_token'],
+ parameters['refresh_token'],
+ tokenEndpoint,
+ scopes,
+ expiration);
+}
+
+/// Throws the appropriate exception for an error response from the
+/// authorization server.
+void _handleErrorResponse(http.Response response, Uri tokenEndpoint) {
+ void validate(bool condition, String message) =>
+ _validate(response, tokenEndpoint, condition, message);
+
+ // OAuth2 mandates a 400 or 401 response code for access token error
+ // responses. If it's not a 400 reponse, the server is either broken or
+ // off-spec.
+ if (response.statusCode != 400 && response.statusCode != 401) {
+ var reason = '';
+ if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) {
+ ' ${response.reasonPhrase}';
+ }
+ throw new FormatException('OAuth request for "$tokenEndpoint" failed '
+ 'with status ${response.statusCode}$reason.\n\n${response.body}');
+ }
+
+ var contentType = response.headers['content-type'];
+ if (contentType != null) {
+ contentType = new ContentType.fromString(contentType);
+ }
+ validate(contentType != null && contentType.value == "application/json",
+ 'content-type was "$contentType", expected "application/json"');
+
+ var parameters;
+ try {
+ parameters = JSON.parse(response.body);
+ } catch (e) {
+ validate(false, 'invalid JSON');
+ }
+
+ validate(parameters.containsKey('error'),
+ 'did not contain required parameter "error"');
+ validate(parameters["error"] is String,
+ 'required parameter "error" was not a string, was '
+ '"${parameters["error"]}"');
+
+ for (var name in ['error_description', 'error_uri']) {
+ var value = parameters[name];
+ validate(value == null || value is String,
+ 'parameter "$name" was not a string, was "$value"');
+ }
+
+ var description = parameters['error_description'];
+ var uriString = parameters['error_uri'];
+ var uri = uriString == null ? null : new Uri.fromString(uriString);
+ throw new AuthorizationException(parameters['error'], description, uri);
+}
+
+void _validate(
+ http.Response response,
+ Uri tokenEndpoint,
+ bool condition,
+ String message) {
+ if (condition) return;
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ '$message.\n\n${response.body}');
+}

Powered by Google App Engine
This is Rietveld 408576698