Golang Oauth2 Get Token Scope
Question
When using Golang's Oauth2 library:
https://godoc.org/golang.org/x/oauth2#Token
I exchange the authorisation code for access token and I get back this struct:
    type Token struct {
        // AccessToken is the token that authorizes and authenticates
        // the requests.
        AccessToken string `json:"access_token"`

        // TokenType is the type of token.
        // The Type method returns either this or "Bearer", the default.
        TokenType string `json:"token_type,omitempty"`

        // RefreshToken is a token that's used by the application
        // (as opposed to the user) to refresh the access token
        // if it expires.
        RefreshToken string `json:"refresh_token,omitempty"`

        // Expiry is the optional expiration time of the access token.
        //
        // If zero, TokenSource implementations will reuse the same
        // token forever and RefreshToken or equivalent
        // mechanisms for that TokenSource will not be used.
        Expiry time.Time `json:"expiry,omitempty"`
        // contains filtered or unexported fields
    }
Now when I am using this access token in my application, I need to know the scope for which the token was granted.
But I don't see any property or method to get the scope?
How to get the token's scope so I can limit user's permissions based on it?
I can see that the Config struct has Scopes slice:
    type Config struct {
        // ClientID is the application's ID.
        ClientID string

        // ClientSecret is the application's secret.
        ClientSecret string

        // Endpoint contains the resource server's token endpoint
        // URLs. These are constants specific to each server and are
        // often available via site-specific packages, such as
        // google.Endpoint or github.Endpoint.
        Endpoint Endpoint

        // RedirectURL is the URL to redirect users going through
        // the OAuth flow, after the resource owner's URLs.
        RedirectURL string

        // Scope specifies optional requested permissions.
        Scopes []string
    }
It seems to me there is no way to get scope from a token though?
Surely the point of scope is that it should be part of the access token in order to validate permissions?
See the spec: https://www.rfc-editor.org/rfc/rfc6749#page-23
Answer 1
Score: 1
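This should do the trick.

    import (
        "encoding/json"
        "io"
        "net/http"
        "net/url"
        "strings"
    )

    // GetTokensScope requests a client_credentials token and returns the "scope" field of the response.
    func GetTokensScope(tokUrl string, clientId string, secret string) (string, error) {
        // url.Values percent-encodes the credentials so they cannot alter the form body.
        form := url.Values{
            "grant_type":    {"client_credentials"},
            "client_id":     {clientId},
            "client_secret": {secret},
            "response_type": {"token"},
        }
        req, err := http.NewRequest("POST", tokUrl, strings.NewReader(form.Encode()))
        if err != nil {
            return "", err
        }
        req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
        client := &http.Client{}
        resp, err := client.Do(req)
        if err != nil {
            return "", err
        }
        defer resp.Body.Close()
        rsBody, err := io.ReadAll(resp.Body)
        if err != nil {
            return "", err
        }
        type WithScope struct {
            Scope string `json:"scope"`
        }
        var dat WithScope
        if err := json.Unmarshal(rsBody, &dat); err != nil {
            return "", err
        }
        return dat.Scope, nil
    }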
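An added example, not part of the question or the answer above: it reads the granted scope from an RFC 6749 token response and handles the case where the server omits the `scope` field. The helper names `GrantedScopes` and `HasScope`, the scope names, and the sample response are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// tokenResponse holds the RFC 6749 section 5.1 fields this example needs.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	Scope       string `json:"scope"`
}

// GrantedScopes (hypothetical helper) returns the granted scopes. RFC 6749 section 3.3 lets the
// server omit "scope" only when it equals the request, so absence falls back to requested.
func GrantedScopes(body []byte, requested []string) ([]string, error) {
	var tr tokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return nil, fmt.Errorf("decode token response: %w", err)
	}
	if tr.AccessToken == "" {
		return nil, fmt.Errorf("token response has no access_token")
	}
	if strings.TrimSpace(tr.Scope) == "" {
		return append([]string(nil), requested...), nil
	}
	return strings.Fields(tr.Scope), nil // scope is a space-delimited list
}

// HasScope reports whether want is in granted; scope values are case-sensitive.
func HasScope(granted []string, want string) bool {
	for _, s := range granted {
		if s == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample response: the server granted less than was requested.
	body := []byte(`{"access_token":"example-token","token_type":"Bearer","scope":"profile:read"}`)
	granted, err := GrantedScopes(body, []string{"profile:read", "profile:write"})
	if err != nil {
		panic(err)
	}
	fmt.Println(granted, HasScope(granted, "profile:write")) // [profile:read] false
}
```

With golang.org/x/oauth2, the same raw response field is reachable on the exchanged token through `tok.Extra("scope")`. Authorize against the granted list rather than `Config.Scopes`, since the server may grant fewer scopes than the client requested.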