auth
auth/authd/server.go
Let's test our verifyClient function. C'mon, it'll be fun! Add a function that tests the verifyClient function to our unit test suite. Basically, make sure that all the conceivable types of input have the right logic flow for what a "valid client" is. Also leave a note in client.go that makes it clear that public clients _should not be issued secrets in the first place_, because a public client that is issued a secret and specifies its client ID using the `client_id` POST body format will be told that it is not a valid client. While there are ways around this, the spec clearly states that non-confidential clients are not supposed to be issued secrets, so this seems like a nice way to conform to the spec or break trying.
1 package main
3 import (
4 "html/template"
5 "log"
6 "net/http"
8 "code.secondbit.org/auth.hg"
9 "github.com/gorilla/mux"
10 )
12 func main() {
13 store := auth.NewMemstore()
14 config := auth.Config{
15 ClientStore: store,
16 AuthCodeStore: store,
17 ProfileStore: store,
18 TokenStore: store,
19 SessionStore: store,
20 Template: template.Must(template.New("base").ParseGlob("./templates/*.gotmpl")),
21 LoginURI: "/login",
22 }
23 err := config.Init()
24 if err != nil {
25 log.Fatal(err)
26 }
27 context, err := auth.NewContext(config)
28 if err != nil {
29 panic(err)
30 }
32 router := mux.NewRouter()
33 auth.RegisterOAuth2(router, context)
34 auth.RegisterSessionHandlers(router, context)
35 auth.RegisterProfileHandlers(router, context)
36 auth.RegisterClientHandlers(router, context)
37 http.Handle("/", router)
38 log.Fatal(http.ListenAndServe(":8080", nil))
39 }