Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(532)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: pkg/oauth2/lib/src/handle_access_token_response.dart

Issue 11420025: Add a package for authenticating via OAuth2. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Misc fixes Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« pkg/oauth2/lib/src/credentials.dart ('K') | « pkg/oauth2/lib/src/credentials.dart ('k') | pkg/oauth2/lib/src/utils.dart » ('j') | pkg/oauth2/lib/src/utils.dart » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: pkg/oauth2/lib/src/handle_access_token_response.dart
diff --git a/pkg/oauth2/lib/src/handle_access_token_response.dart b/pkg/oauth2/lib/src/handle_access_token_response.dart
new file mode 100644
index 0000000000000000000000000000000000000000..97b817d1caf6bd46c0eec6a6f2337e62cba92c5d
--- /dev/null
+++ b/pkg/oauth2/lib/src/handle_access_token_response.dart
@@ -0,0 +1,152 @@
+// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+library handle_access_token_response;
+
+import 'dart:io';
+import 'dart:json';
+import 'dart:uri';
+
+import '../../../http/lib/http.dart' as http;
+
+import 'credentials.dart';
+import 'authorization_exception.dart';
+
+/// The amount of time, in seconds, to add as a "grace period" for credential
+/// expiration. This allows credential expiration checks to remain valid for a
+/// reasonable amount of time.
+final int _EXPIRATION_GRACE = 10;
Bob Nystrom 2012/11/16 19:53:30 "final int" -> "const".
nweiz 2012/11/17 01:06:27 Done.
+
+/// Handles a response from the authorization server that contains an access
+/// token. This response format is common across several different components of
+/// the OAuth2 flow.
+Credentials handleAccessTokenResponse(
+ http.Response response,
+ Uri tokenEndpoint,
+ Date startTime,
+ List<String> scopes) {
+ if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint);
+
+ var contentType = response.headers['content-type'];
+ if (contentType != null) {
+ contentType = new ContentType.fromString(contentType);
+ }
+ if (contentType == null || contentType.value != "application/json") {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": content-type was "$contentType", expected '
+ '"application/json".');
+ }
+
+ var parameters;
+ try {
+ parameters = JSON.parse(response.body);
+ } catch (e) {
Bob Nystrom 2012/11/16 19:53:30 Restrict this: } on FormatException catch (e) {
nweiz 2012/11/17 01:06:27 JSON.parse doesn't throw a FormatException :-/.
Bob Nystrom 2012/11/19 21:37:10 Restrict it to a JSONParseException? We definitely
nweiz 2012/11/19 22:20:11 It doesn't throw a JSONParseException either :-/.
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": invalid JSON.\n\n${response.body}');
Bob Nystrom 2012/11/16 19:53:30 How about a helper function for all of these throw
nweiz 2012/11/17 01:06:27 Done.
+ }
+
+ for (var requiredParameter in ['access_token', 'token_type']) {
+ if (!parameters.containsKey(requiredParameter)) {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": did not contain required parameter '
+ '"$requiredParameter".\n\n${response.body}');
+ } else if (parameters[requiredParameter] is! String) {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": required parameter "$requiredParameter" was '
+ 'not a string, was "${parameters[requiredParameter]}".\n\n'
+ '${response.body}');
+ }
+ }
+
+ // TODO(nweiz): support the "mac" token type
+ // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01)
+ if (parameters['token_type'].toLowerCase() != 'bearer') {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": unknown token type '
+ '"${parameters['token_type']}".\n\n${response.body}');
+ }
+
+ var expiresIn = parameters['expires_in'];
+ if (expiresIn != null && expiresIn is! int) {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": parameter "expires_in" was not an int, was '
+ '"$expiresIn".\n\n${response.body}');
+ }
+
+ for (var name in ['refresh_token', 'scope']) {
+ var value = parameters[name];
+ if (value == null || value is String) continue;
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ 'parameter "$name" was not a string, was "$value".\n\n'
+ '${response.body}');
+ }
+
+ var scope = parameters['scope'];
+ if (scope != null) scopes = scope.split(" ");
+
+ var expiration = expiresIn == null ? null :
+ startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE));
+
+ return new Credentials(
+ parameters['access_token'],
+ parameters['refresh_token'],
+ tokenEndpoint,
+ scopes,
+ expiration);
+}
+
+/// Throws the appropriate exception for an error response from the
+/// authorization server.
+void _handleErrorResponse(http.Response response, Uri tokenEndpoint) {
+ // OAuth2 mandates a 400 or 401 response code for access token error
+ // responses. If it's not a 400 reponse, the server is either broken or
+ // off-spec.
+ if (response.statusCode != 400 && response.statusCode != 401) {
+ var reason = '';
+ if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) {
+ ' ${response.reasonPhrase}';
+ }
+ throw new FormatException('OAuth request for "$tokenEndpoint" failed '
+ 'with status ${response.statusCode}$reason.\n\n${response.body}');
+ }
+
+ var contentType = response.headers['content-type'];
+ if (contentType != null) {
+ contentType = new ContentType.fromString(contentType);
+ }
+ if (contentType == null || contentType.value != "application/json") {
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ 'content-type was "$contentType", expected "application/json".');
+ }
+
+ var parameters;
+ try {
+ parameters = JSON.parse(response.body);
+ } catch (e) {
+ throw new FormatException('Invalid OAuth response for '
+ '"$tokenEndpoint": invalid JSON.\n\n${response.body}');
+ }
+
+ if (!parameters.containsKey('error')) {
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ 'did not contain required parameter "error".\n\n${response.body}');
+ } else if (parameters["error"] is! String) {
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ 'required parameter "error" was not a string, was '
+ '"${parameters["error"]}"\n\n${response.body}.');
+ }
+
+ for (var name in ['error_description', 'error_uri']) {
+ var value = parameters[name];
+ if (value == null || value is String) continue;
+ throw new FormatException('Invalid OAuth response for "$tokenEndpoint": '
+ 'parameter "$name" was not a string, was "$value".\n\n'
+ '${response.body}');
+ }
+
+ var description = parameters['error_description'];
+ var uriString = parameters['error_uri'];
+ var uri = uriString == null ? null : new Uri.fromString(uriString);
+ throw new AuthorizationException(parameters['error'], description, uri);
+}
« pkg/oauth2/lib/src/credentials.dart ('K') | « pkg/oauth2/lib/src/credentials.dart ('k') | pkg/oauth2/lib/src/utils.dart » ('j') | pkg/oauth2/lib/src/utils.dart » ('J')

Powered by Google App Engine
This is Rietveld 408576698