Update oauth2_bearer/glewlwyd_resource to handle client tokens

example_callbacks/oauth2_bearer/README.md

@@ -6,11 +6,13 @@ To use this file, you must create a `struct _glewlwyd_resource_config` with your
 
 ```C
 struct _glewlwyd_resource_config {
-  int       method;         // Values are G_METHOD_HEADER, G_METHOD_BODY or G_METHOD_URL for the access_token location, see https://tools.ietf.org/html/rfc6750
-  char *    oauth_scope;    // Scope values required by the resource, multiple values must be separated by a space character
-  char *    jwt_decode_key; // The key used to decode an access token
-  jwt_alg_t jwt_alg;        // The algorithm used to encode a token, see http://benmcollins.github.io/libjwt/
-  char *    realm;          // Optional, a realm value that will be sent back to the client
+  int            method;              // Values are G_METHOD_HEADER, G_METHOD_BODY or G_METHOD_URL for the access_token location, see https://tools.ietf.org/html/rfc6750
+  char *         oauth_scope;         // Scope values required by the resource, multiple values must be separated by a space character
+  char *         jwt_decode_key;      // The key used to decode an access token
+  jwt_alg_t      jwt_alg;             // The algorithm used to encode a token, see http://benmcollins.github.io/libjwt/
+  char *         realm;               // Optional, a realm value that will be sent back to the client
+  unsigned short accept_access_token; // required, accept type acces_token
+  unsigned short accept_client_token; // required, accept type client_token
 };
 ```
 
@@ -23,10 +25,9 @@ g_config.oauth_scope = "scope1";
 g_config.jwt_decode_key = "secret";
 g_config.jwt_alg = JWT_ALG_HS512;
 g_config.realm = "example";
+g_config.accept_access_token = 1;
+g_config.accept_client_token = 0;
 
-// First example, add an endpoint with the authentication callback callback_check_glewlwyd_access_token
-ulfius_add_endpoint_by_val(instance, "GET", "/api", "/resurce/:id", &callback_check_glewlwyd_access_token, (void*)g_config, NULL, &callback_get_resource, (void*)config);
-
-// Second example, use callback_check_glewlwyd_access_token as a default authentication callback
-ulfius_set_default_auth_function(instance, &callback_check_glewlwyd_access_token, (void*)g_config, NULL);
+// Example, add an authentication callback callback_check_glewlwyd_access_token for the endpoint GET "/api/resource/*"
+ulfius_add_endpoint_by_val(instance, "GET", "/api", "/resource/*", 0, &callback_check_glewlwyd_access_token, (void*)g_config);
 ```

example_callbacks/oauth2_bearer/glewlwyd_resource.c

@@ -2,7 +2,7 @@
  *
  * Glewlwyd OAuth2 Authorization token check
  *
- * Copyright 2016-2017 Nicolas Mora <[email protected]>
+ * Copyright 2016-2018 Nicolas Mora <[email protected]>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -121,7 +121,7 @@ json_t * access_token_check_scope(struct _glewlwyd_resource_config * config, jso
           }
         }
         if (json_array_size(j_scope_final_list) > 0) {
-          j_res = json_pack("{siso}", "result", G_OK, "scope", json_copy(j_scope_final_list));
+          j_res = json_pack("{sisO}", "result", G_OK, "scope", j_scope_final_list);
         } else {
           j_res = json_pack("{si}", "result", G_ERROR_INSUFFICIENT_SCOPE);
         }
@@ -155,14 +155,24 @@ int access_token_check_validity(struct _glewlwyd_resource_config * config, json_
     // Token is valid, check type and expiration date
     time(&now);
     expiration = json_integer_value(json_object_get(j_access_token, "iat")) + json_integer_value(json_object_get(j_access_token, "expires_in"));
-    if (now < expiration && 
+    if (now < expiration &&
         json_object_get(j_access_token, "type") != NULL &&
-        json_is_string(json_object_get(j_access_token, "type")) &&
+        json_is_string(json_object_get(j_access_token, "type"))) {
+      if (config->accept_access_token &&
         0 == o_strcmp("access_token", json_string_value(json_object_get(j_access_token, "type"))) &&
         json_object_get(j_access_token, "username") != NULL &&
         json_is_string(json_object_get(j_access_token, "username")) &&
         json_string_length(json_object_get(j_access_token, "username")) > 0) {
-      res = G_OK;
+        res = G_OK;
+      } else if (config->accept_client_token &&
+        0 == o_strcmp("client_token", json_string_value(json_object_get(j_access_token, "type"))) &&
+        json_object_get(j_access_token, "client_id") != NULL &&
+        json_is_string(json_object_get(j_access_token, "client_id")) &&
+        json_string_length(json_object_get(j_access_token, "client_id")) > 0) {
+        res = G_OK;
+      } else {
+        res = G_ERROR_INVALID_REQUEST;
+      }
     } else {
       res = G_ERROR_INVALID_REQUEST;
     }

example_callbacks/oauth2_bearer/glewlwyd_resource.h

@@ -2,7 +2,7 @@
  *
  * Glewlwyd OAuth2 Authorization token check
  *
- * Copyright 2016-2017 Nicolas Mora <[email protected]>
+ * Copyright 2016-2018 Nicolas Mora <[email protected]>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -37,11 +37,13 @@
 #define BODY_URL_PARAMETER   "access_token"
 
 struct _glewlwyd_resource_config {
-  int       method;
-  char *    oauth_scope;
-  char *    jwt_decode_key;
-  jwt_alg_t jwt_alg;
-  char *    realm;
+  int            method;
+  char *         oauth_scope;
+  char *         jwt_decode_key;
+  jwt_alg_t      jwt_alg;
+  char *         realm;
+  unsigned short accept_access_token;
+  unsigned short accept_client_token;
 };
 
 int callback_check_glewlwyd_access_token (const struct _u_request * request, struct _u_response * response, void * user_data);