auth

Paddy 2014-12-06 Parent:0a6e3f14b054 Child:4cb65cf90217

83:8630b108ce35

Jot out plans for refactoring GetTokenHandler. Basically, the GetTokenHandler we have set up is too specific and not extensible enough. We should treat grant types as pluggable and separate them a bit more from token issuance. The comment has a few ideas about how that could be achieved.

oauth2.go

     1.1 --- a/oauth2.go	Sat Dec 06 01:47:34 2014 -0500
     1.2 +++ b/oauth2.go	Sat Dec 06 02:03:20 2014 -0500
     1.3 @@ -299,6 +299,7 @@
     1.4  // GetTokenHandler allows a client to exchange an authorization grant for an
     1.5  // access token. See RFC 6749 Section 4.1.3.
     1.6  func GetTokenHandler(w http.ResponseWriter, r *http.Request, context Context) {
     1.7 +	// BUG(paddy): this function is an absolute mess. Honestly, it should be more general purpose, with each grant mode being called based on the grant_type POST form value. Basically, each grant type could have its own function, accepting the Request and ResponseWriter, and returning a boolean if the request should continue being processed or not. The function is in charge of validating the grant, which offers more flexible extensibiliy when adding grant types and easier testing, while also making the token distribution code easier to reuse in an elegant way. There is a minor problem that the token distribution code has some dependencies on the grant type being used (some grant types don't issue refresh tokens, for example) but that's a minor issue. Something like a map of string -> custom grantType struct would fix that. The struct could hold the function to call to validate the grant type and booleans that impact the token issuance. Then you do a map lookup based on the POST form value, and call the function or read the booleans as needed. If we use the same "register" pattern found in database/sql drivers, allowing grant types to register themselves, it'll be possible to add a grant type without even touching this function.
     1.8  	enc := json.NewEncoder(w)
     1.9  	grantType := r.PostFormValue("grant_type")
    1.10  	if grantType != "authorization_code" {
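Review bot: the BUG(paddy) comment added at 1.7 is one very long line; wrap it at Go's conventional width so the godoc BUG note stays readable, and fix the typo "extensibiliy" to "extensibility". On the design sketched in the comment, having each grant-type function return only a boolean leaves it unclear which side writes the error response when validation fails; returning an error (or a small struct carrying the RFC 6749 error code) alongside the bool would keep the validators and the shared token-issuance code consistent. The proposed grantType struct is also the natural place to record per-grant requirements such as whether client authentication is mandatory, so that the current `if grantType != "authorization_code"` rejection at 1.10 is not the only gate once additional grant types register themselves.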