auth
auth/oauth2.go
Fill out token.CreatedFrom. Add a GrantType.AuditString() string method that will return a string for an audit log. Basically, it returns enough information to identify how the token got created. For client credentials, that's just the string "client_credentials". For user credentials, that's just the string "credentials". For auth codes, that's "authcode:", followed by the code used. For refresh tokens, that's "refresh_token:", followed by the refresh token used.
1.1 --- a/oauth2.go Sun Jan 18 04:54:02 2015 -0500 1.2 +++ b/oauth2.go Sun Jan 18 05:03:17 2015 -0500 1.3 @@ -59,12 +59,16 @@ 1.4 // AllowsPublic determines whether the GrantType should allow public clients to use that grant. If true, clients without 1.5 // credentials will be able to use the grant to obtain a token. 1.6 // 1.7 +// AuditString should return the string that will be saved in the resulting Token's CreatedFrom field, as an audit log of how 1.8 +// the Token was authorized. 1.9 +// 1.10 // The ReturnToken will be called when a token is created and needs to be returned to the client. If it returns true, the token 1.11 // was successfully returned and the Invalidate function will be called asynchronously. 1.12 type GrantType struct { 1.13 Validate func(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool) 1.14 Invalidate func(r *http.Request, context Context) error 1.15 ReturnToken func(w http.ResponseWriter, r *http.Request, token Token, context Context) bool 1.16 + AuditString func(r *http.Request) string 1.17 IssuesRefresh bool 1.18 AllowsPublic bool 1.19 } 1.20 @@ -376,6 +380,7 @@ 1.21 AccessToken: uuid.NewID().String(), 1.22 RefreshToken: refresh, 1.23 Created: time.Now(), 1.24 + CreatedFrom: gt.AuditString(r), 1.25 ExpiresIn: defaultTokenExpiration, 1.26 RefreshExpiresIn: defaultRefreshTokenExpiration, 1.27 TokenType: "bearer",
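Review bot: The doc comment added in the first hunk (@@ -59,12 +59,16 @@) does not say what the returned string may contain or whether the field is required. Because the value is saved in the Token's CreatedFrom field, and the commit message describes it as carrying the auth code or refresh token used, the comment should state whether that credential material is stored verbatim or should be reduced to a hash or identifier before it is saved. It should also say what happens when a GrantType leaves `AuditString` unset. Note too that the commit message calls this a `GrantType.AuditString() string` method, while the hunk adds a func field, `AuditString func(r *http.Request) string`; the two should agree.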
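Review bot: In the second hunk (@@ -376,6 +380,7 @@), `CreatedFrom: gt.AuditString(r),` calls the new func field with no nil check, so a GrantType value built without AuditString set will panic on a nil function call while the token is being created. Guard the call and fall back to a fixed string when `gt.AuditString` is nil, or reject grant types with a nil AuditString where they are set up, so a missing audit hook cannot take down token issuance.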