third_codes/oauth2
1
0
Fork 0
mirror of https://github.com/golang/oauth2.git synced 2025-07-21 00:00:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

oauth2: allow users to register broken OAuth2 implementations

Browse Source 
Fixes golang/oauth2#111.

Change-Id: Iaea8adb038bcff91b4b468b1a3bdaa5c03d7e8e7
Reviewed-on: https://go-review.googlesource.com/16976
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Burcu Dogan 2015-11-16 13:49:40 -08:00
parent 2bf5e6e27a
commit 442624c9ec
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/token.go
View File

@ -115,6 +115,10 @@ var brokenAuthHeaderProviders = []string{
"https://www.strava.com/oauth/", "https://www.strava.com/oauth/",
} }
func RegisterBrokenAuthHeaderProvider(tokenURL string) {
brokenAuthHeaderProviders = append(brokenAuthHeaderProviders, tokenURL)
}
// providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL // providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL
// implements the OAuth2 spec correctly // implements the OAuth2 spec correctly
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background. // See https://code.google.com/p/goauth2/issues/detail?id=31 for background.

8
internal/token_test.go
View File

@ -10,6 +10,14 @@ import (
"testing" "testing"
) )
func TestRegisterBrokenAuthHeaderProvider(t *testing.T) {
RegisterBrokenAuthHeaderProvider("https://aaa.com/")
tokenURL := "https://aaa.com/token"
if providerAuthHeaderWorks(tokenURL) {
t.Errorf("URL: %s is a broken provider", tokenURL)
}
}
func Test_providerAuthHeaderWorks(t *testing.T) { func Test_providerAuthHeaderWorks(t *testing.T) {
for _, p := range brokenAuthHeaderProviders { for _, p := range brokenAuthHeaderProviders {
if providerAuthHeaderWorks(p) { if providerAuthHeaderWorks(p) {

12
oauth2.go
View File

@ -23,6 +23,18 @@ import (
// your own context.Context (see https://golang.org/x/net/context). // your own context.Context (see https://golang.org/x/net/context).
var NoContext = context.TODO() var NoContext = context.TODO()
// RegisterBrokenAuthHeaderProvider registers an OAuth2 server
// identified by the tokenURL prefix as an OAuth2 implementation
// which doesn't support the HTTP Basic authentication
// scheme to authenticate with the authorization server.
// Once a server is registered, credentials (client_id and client_secret)
// will be passed as query parameters rather than being present
// in the Authorization header.
// See https://code.google.com/p/goauth2/issues/detail?id=31 for background.
func RegisterBrokenAuthHeaderProvider(tokenURL string) {
internal.RegisterBrokenAuthHeaderProvider(tokenURL)
}
// Config describes a typical 3-legged OAuth2 flow, with both the // Config describes a typical 3-legged OAuth2 flow, with both the
// client application information and the server's endpoint URLs. // client application information and the server's endpoint URLs.
type Config struct { type Config struct {