本文整理匯總了Golang中github.com/RangelReale/osin.AuthorizeRequest.Scope方法的典型用法代碼示例。如果您正苦於以下問題:Golang AuthorizeRequest.Scope方法的具體用法?Golang AuthorizeRequest.Scope怎麼用?Golang AuthorizeRequest.Scope使用的例子?那麼,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類github.com/RangelReale/osin.AuthorizeRequest的用法示例。
在下文中一共展示了AuthorizeRequest.Scope方法的1個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Golang代碼示例。
示例1: HandleAuthorize
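// HandleAuthorize implements osinserver.AuthorizeHandler to ensure the requested scopes have been authorized.
//
// The grant check only runs when ar.Authorized is already true on entry; otherwise the request is
// returned untouched. Once the check starts, ar.Authorized is reset to false and is set back to true
// only when the grant is confirmed without an error, so every failure path leaves the request denied.
//
// Failures are reported to the client through resp.SetError ("server_error", "invalid_scope" or
// "access_denied"); the details of internal errors are passed to utilruntime.HandleError only.
//
// The returned bool reports whether the response was written. It is false on every path except the
// h.handler.GrantNeeded call, whose handled value and error are returned as-is.
func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, resp *osin.Response, w http.ResponseWriter) (bool, error) {
	// Requests must already be authorized before we will check grants.
	if !ar.Authorized {
		return false, nil
	}

	// Fail closed: the request stays unauthorized until the grant is verified below.
	ar.Authorized = false

	userInfo, ok := ar.UserData.(user.Info)
	if !ok || userInfo == nil {
		// A failed assertion leaves userInfo at its zero value, so formatting it would only ever
		// print nil. Report the dynamic type of what was supplied instead; %T records the type
		// without dumping the value's contents into the log.
		utilruntime.HandleError(fmt.Errorf("the provided user data is not a user.Info object: %T", ar.UserData))
		resp.SetError("server_error", "")
		return false, nil
	}

	clientData := ar.Client.GetUserData()
	client, ok := clientData.(*oauthapi.OAuthClient)
	if !ok || client == nil {
		// Same reasoning as above: log the type that was actually attached to the client.
		utilruntime.HandleError(fmt.Errorf("the provided client is not an *api.OAuthClient object: %T", clientData))
		resp.SetError("server_error", "")
		return false, nil
	}

	// Normalize the scope request, and ensure all tokens contain a scope.
	// NOTE(review): a request that names no scope is given scopeauthorizer.UserFull, presumably the
	// broadest user scope (confirm against scopeauthorizer). It still goes through the per-client
	// restriction check below.
	scopes := scope.Split(ar.Scope)
	if len(scopes) == 0 {
		scopes = append(scopes, scopeauthorizer.UserFull)
	}
	ar.Scope = scope.Join(scopes)

	// Validate the requested scopes.
	if scopeErrors := validation.ValidateScopes(scopes, nil); len(scopeErrors) > 0 {
		resp.SetError("invalid_scope", scopeErrors.ToAggregate().Error())
		return false, nil
	}

	// Collect every scope this client is not allowed to request, so that the denial names all of
	// them at once. The per-scope error is dropped; only the scope names reach the client.
	invalidScopes := sets.NewString()
	for _, s := range scopes {
		if err := scopeauthorizer.ValidateScopeRestrictions(client, s); err != nil {
			invalidScopes.Insert(s)
		}
	}
	if len(invalidScopes) > 0 {
		resp.SetError("access_denied", fmt.Sprintf("scope denied: %s", strings.Join(invalidScopes.List(), " ")))
		return false, nil
	}

	grant := &api.Grant{
		Client:      ar.Client,
		Scope:       ar.Scope,
		Expiration:  int64(ar.Expiration),
		RedirectURI: ar.RedirectUri,
	}

	// Check if the user has already authorized this grant.
	authorized, err := h.check.HasAuthorizedClient(userInfo, grant)
	if err != nil {
		utilruntime.HandleError(err)
		resp.SetError("server_error", "")
		return false, nil
	}
	if authorized {
		ar.Authorized = true
		return false, nil
	}

	// React to an unauthorized grant.
	granted, handled, err := h.handler.GrantNeeded(userInfo, grant, w, ar.HttpRequest)
	// Honour the handler's decision only when it also reports no error. The documented contract is
	// that an error leaves the request unauthorized, so authorized=true alongside an error must
	// not flip ar.Authorized back on.
	if granted && err == nil {
		ar.Authorized = true
	}
	return handled, err
}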