auth
auth/grant.go
Update CheckEndpoints for strict checking, add CountEndpoints. Create a "strict" mode for CheckEndpoints that will only return true on an exact match, and update the memstore implementation accordingly. Add tests to make sure that the strict mode is adhered to. We need this mode because in certain situations (e.g., the client has more than one endpoint registered), the spec demands a full-string comparison. Add a CountEndpoints method to the ClientStore that will return the number of endpoints registered for a specific client. As we just mentioned, the rules for how a redirect URI is validated depend upon the number of endpoints a client has registered, so we need to be able to get at that number.
1 package auth
3 import (
4 "errors"
5 "time"
7 "code.secondbit.org/uuid"
8 )
10 var (
11 ErrNoGrantStore = errors.New("no GrantStore was specified for the Context")
12 ErrGrantNotFound = errors.New("grant not found in GrantStore")
13 ErrGrantAlreadyExists = errors.New("grant already exists in GrantStore")
14 )
16 type Grant struct {
17 Code string
18 Created time.Time
19 ExpiresIn int32
20 ClientID uuid.ID
21 Scope string
22 RedirectURI string
23 State string
24 }
26 type GrantStore interface {
27 GetGrant(code string) (Grant, error)
28 SaveGrant(grant Grant) error
29 DeleteGrant(code string) error
30 }
32 func (m *Memstore) GetGrant(code string) (Grant, error) {
33 m.grantLock.RLock()
34 defer m.grantLock.RUnlock()
35 grant, ok := m.grants[code]
36 if !ok {
37 return Grant{}, ErrGrantNotFound
38 }
39 return grant, nil
40 }
42 func (m *Memstore) SaveGrant(grant Grant) error {
43 m.grantLock.Lock()
44 defer m.grantLock.Unlock()
45 _, ok := m.grants[grant.Code]
46 if ok {
47 return ErrGrantAlreadyExists
48 }
49 m.grants[grant.Code] = grant
50 return nil
51 }
53 func (m *Memstore) DeleteGrant(code string) error {
54 m.grantLock.Lock()
55 defer m.grantLock.Unlock()
56 _, ok := m.grants[code]
57 if !ok {
58 return ErrGrantNotFound
59 }
60 delete(m.grants, code)
61 return nil
62 }