diff --git a/example_callbacks/oauth2_bearer/README.md b/example_callbacks/oauth2_bearer/README.md
index 69cbc3df..3419e6a5 100644
--- a/example_callbacks/oauth2_bearer/README.md
+++ b/example_callbacks/oauth2_bearer/README.md
@@ -6,11 +6,13 @@ To use this file, you must create a `struct _glewlwyd_resource_config` with your
 
 ```C
 struct _glewlwyd_resource_config {
- int method; // Values are G_METHOD_HEADER, G_METHOD_BODY or G_METHOD_URL for the access_token location, see https://tools.ietf.org/html/rfc6750
- char * oauth_scope; // Scope values required by the resource, multiple values must be separated by a space character
- char * jwt_decode_key; // The key used to decode an access token
- jwt_alg_t jwt_alg; // The algorithm used to encode a token, see http://benmcollins.github.io/libjwt/
- char * realm; // Optional, a realm value that will be sent back to the client
+ int method; // Values are G_METHOD_HEADER, G_METHOD_BODY or G_METHOD_URL for the access_token location, see https://tools.ietf.org/html/rfc6750
+ char * oauth_scope; // Scope values required by the resource, multiple values must be separated by a space character
+ char * jwt_decode_key; // The key used to decode an access token
+ jwt_alg_t jwt_alg; // The algorithm used to encode a token, see http://benmcollins.github.io/libjwt/
+ char * realm; // Optional, a realm value that will be sent back to the client
+ unsigned short accept_access_token; // required, accept type acces_token
+ unsigned short accept_client_token; // required, accept type client_token
 };
 ```
 
@@ -23,10 +25,9 @@ g_config.oauth_scope = "scope1";
 g_config.jwt_decode_key = "secret";
 g_config.jwt_alg = JWT_ALG_HS512;
 g_config.realm = "example";
+g_config.accept_access_token = 1;
+g_config.accept_client_token = 0;
 
-// First example, add an endpoint with the authentication callback callback_check_glewlwyd_access_token
-ulfius_add_endpoint_by_val(instance, "GET", "/api", "/resurce/:id", &callback_check_glewlwyd_access_token, (void*)g_config, NULL, &callback_get_resource, (void*)config);
-
-// Second example, use callback_check_glewlwyd_access_token as a default authentication callback
-ulfius_set_default_auth_function(instance, &callback_check_glewlwyd_access_token, (void*)g_config, NULL);
+// Example, add an authentication callback callback_check_glewlwyd_access_token for the endpoint GET "/api/resource/*"
+ulfius_add_endpoint_by_val(instance, "GET", "/api", "/resource/*", 0, &callback_check_glewlwyd_access_token, (void*)g_config);
 ```
diff --git a/example_callbacks/oauth2_bearer/glewlwyd_resource.c b/example_callbacks/oauth2_bearer/glewlwyd_resource.c
index 8866ecaf..cb972421 100644
--- a/example_callbacks/oauth2_bearer/glewlwyd_resource.c
+++ b/example_callbacks/oauth2_bearer/glewlwyd_resource.c
@@ -2,7 +2,7 @@
 *
 * Glewlwyd OAuth2 Authorization token check
 *
- * Copyright 2016-2017 Nicolas Mora
+ * Copyright 2016-2018 Nicolas Mora
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
@@ -121,7 +121,7 @@ json_t * access_token_check_scope(struct _glewlwyd_resource_config * config, jso
 }
 }
 if (json_array_size(j_scope_final_list) > 0) {
- j_res = json_pack("{siso}", "result", G_OK, "scope", json_copy(j_scope_final_list));
+ j_res = json_pack("{sisO}", "result", G_OK, "scope", j_scope_final_list);
 } else {
 j_res = json_pack("{si}", "result", G_ERROR_INSUFFICIENT_SCOPE);
 }
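Review bot: With the `O` format j_res now shares j_scope_final_list instead of owning a shallow copy, so the function's own reference to j_scope_final_list still has to be released after this call; the matching json_decref lives outside the hunk and should be checked to remain on both branches, otherwise the array leaks on every successful scope check. A comment on the changed line would make the ownership explicit for the next reader: `// "O" takes its own reference; j_scope_final_list must still be released by this function`. The body of access_token_check_scope starts and ends outside the hunk.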
@@ -155,14 +155,24 @@ int access_token_check_validity(struct _glewlwyd_resource_config * config, json_
 // Token is valid, check type and expiration date
 time(&now);
 expiration = json_integer_value(json_object_get(j_access_token, "iat")) + json_integer_value(json_object_get(j_access_token, "expires_in"));
- if (now < expiration &&
+ if (now < expiration &&
 json_object_get(j_access_token, "type") != NULL &&
- json_is_string(json_object_get(j_access_token, "type")) &&
+ json_is_string(json_object_get(j_access_token, "type"))) {
+ if (config->accept_access_token &&
 0 == o_strcmp("access_token", json_string_value(json_object_get(j_access_token, "type"))) &&
 json_object_get(j_access_token, "username") != NULL &&
 json_is_string(json_object_get(j_access_token, "username")) &&
 json_string_length(json_object_get(j_access_token, "username")) > 0) {
- res = G_OK;
+ res = G_OK;
+ } else if (config->accept_client_token &&
+ 0 == o_strcmp("client_token", json_string_value(json_object_get(j_access_token, "type"))) &&
+ json_object_get(j_access_token, "client_id") != NULL &&
+ json_is_string(json_object_get(j_access_token, "client_id")) &&
+ json_string_length(json_object_get(j_access_token, "client_id")) > 0) {
+ res = G_OK;
+ } else {
+ res = G_ERROR_INVALID_REQUEST;
+ }
 } else {
 res = G_ERROR_INVALID_REQUEST;
 }
diff --git a/example_callbacks/oauth2_bearer/glewlwyd_resource.h b/example_callbacks/oauth2_bearer/glewlwyd_resource.h
index e00a994e..0a3b51ae 100644
--- a/example_callbacks/oauth2_bearer/glewlwyd_resource.h
+++ b/example_callbacks/oauth2_bearer/glewlwyd_resource.h
@@ -2,7 +2,7 @@
 *
 * Glewlwyd OAuth2 Authorization token check
 *
- * Copyright 2016-2017 Nicolas Mora
+ * Copyright 2016-2018 Nicolas Mora
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
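Review bot: The two new `else` branches both assign `G_ERROR_INVALID_REQUEST`, and the `type`, `username` and `client_id` lookups are repeated up to four times each, which makes the accept decision — the security-relevant part of this function — harder to audit than it needs to be. Setting `res` to the rejection code once before the outer `if` and keeping only the two `G_OK` assignments removes the duplicated branches, and hoisting the three `json_object_get` calls into locals shortens each condition; jansson's `json_is_string` accepts a NULL argument, so the separate `!= NULL` tests fold into it. The trace is unchanged: an expired token, a token whose type is not enabled in the config, or one missing the claim its type requires, is still rejected with the same code. The function starts and ends outside the hunk, so confirm nothing between the hunk and the return relies on `res` being untouched on the rejection path.
```c
  // … unchanged: time(&now) and the expiration computation …
  json_t * j_type = json_object_get(j_access_token, "type");
  json_t * j_username = json_object_get(j_access_token, "username");
  json_t * j_client_id = json_object_get(j_access_token, "client_id");
  // Reject unless a token type enabled in config matches and carries its mandatory claim
  res = G_ERROR_INVALID_REQUEST;
  if (now < expiration && json_is_string(j_type)) {
    if (config->accept_access_token &&
        0 == o_strcmp("access_token", json_string_value(j_type)) &&
        json_is_string(j_username) && json_string_length(j_username) > 0) {
      res = G_OK;
    } else if (config->accept_client_token &&
               0 == o_strcmp("client_token", json_string_value(j_type)) &&
               json_is_string(j_client_id) && json_string_length(j_client_id) > 0) {
      res = G_OK;
    }
  }
```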
@@ -37,11 +37,13 @@
 #define BODY_URL_PARAMETER "access_token"
 
 struct _glewlwyd_resource_config {
- int method;
- char * oauth_scope;
- char * jwt_decode_key;
- jwt_alg_t jwt_alg;
- char * realm;
+ int method;
+ char * oauth_scope;
+ char * jwt_decode_key;
+ jwt_alg_t jwt_alg;
+ char * realm;
+ unsigned short accept_access_token;
+ unsigned short accept_client_token;
 };
 
 int callback_check_glewlwyd_access_token (const struct _u_request * request, struct _u_response * response, void * user_data);
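Review bot: The two new fields are undocumented in the header even though the README marks them as required, and nothing in the declaration tells a caller that leaving both at zero rejects every token, while a caller that fills the struct field by field as the README example does and is not updated presumably leaves them uninitialised, making the accept decision indeterminate. Carry the README's comments into the header, e.g. `unsigned short accept_access_token; // required, non-zero to accept tokens of type "access_token"` and `unsigned short accept_client_token; // required, non-zero to accept tokens of type "client_token"`, and add one line above the struct stating that at least one of the two must be non-zero for any token to be accepted. The README line for the first field also spells the type "acces_token"; the header comment should use the exact string the C code compares against.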