google: Make state configurable in DefaultAuthorizationHandler

Andy Zhao 2020-06-04 22:27:52 -07:00
parent ceaa866219
commit 04f020b1f2
2 changed files with 24 additions and 9 deletions


@ -6,18 +6,33 @@ package google
import ( import (
"fmt" "fmt"
"github.com/google/uuid"
) )
const DefaultState = "state" // RandomAuthorizationState generates a state via UUID generator.
func RandomAuthorizationState() string {
return uuid.New().String()
}
// DefaultAuthorizationHandler is a commandline-based auth handler // DefaultAuthorizationHandler returns a command line auth handler
// that prints the auth URL on the console and prompts the user to // that prints the auth URL on the console and prompts the user to
// authorize in the browser and paste the auth code back via stdin. // authorize in the browser and paste the auth code back via stdin.
// When using this auth handler, DefaultState must be used. //
func DefaultAuthorizationHandler(authCodeUrl string) (string, string, error) { // For convenience, this handler returns a pre-configured state
fmt.Printf("Go to the following link in your browser:\n\n %s\n\n", authCodeUrl) // instead of asking the user to additionally paste the state from
fmt.Println("Enter verification code: ") // the auth response. In order for this to work, the state
// configured here should match the one in the oauth2 AuthTokenURL.
func DefaultAuthorizationHandler(state string) AuthorizationHandler {
return func(authCodeURL string) (string, string, error) {
return defaultAuthorizationHandlerHelper(state, authCodeURL)
}
}
func defaultAuthorizationHandlerHelper(state string, authCodeURL string) (string, string, error) {
fmt.Printf("Go to the following link in your browser:\n\n %s\n\n", authCodeURL)
fmt.Println("Enter authorization code: ")
var code string var code string
fmt.Scanln(&code) fmt.Scanln(&code)
return code, DefaultState, nil return code, state, nil
} }
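Review bot: In defaultAuthorizationHandlerHelper the returned state is the caller's own `state` argument, not a value taken from the authorization response, so whatever comparison the token source performs (not visible in this section) will presumably always succeed for this handler and gives no CSRF signal. The doc comment on DefaultAuthorizationHandler should say so explicitly, e.g. `// Because the state is echoed back rather than read from the auth response, this handler does not verify the response's state; use it only for interactive command-line flows.` Separately, the error from `fmt.Scanln(&code)` is discarded, so a failed or empty read returns an empty code with a nil error; `if _, err := fmt.Scanln(&code); err != nil { return "", "", err }` would surface it. The comment on RandomAuthorizationState could also state that callers should generate a fresh value for each authorization request instead of reusing one.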


@ -220,13 +220,13 @@ type AuthorizationHandler func(string) (string, string, error)
// An environment-specific AuthorizationHandler is used to obtain user consent. // An environment-specific AuthorizationHandler is used to obtain user consent.
// Per OAuth protocol, a unique "state" string should be sent and verified // Per OAuth protocol, a unique "state" string should be sent and verified
// before token exchange to prevent CSRF attacks. // before token exchange to prevent CSRF attacks.
func OAuthClientTokenSource(config oauth2.Config, ctx context.Context, authHandler AuthorizationHandler, state string) oauth2.TokenSource { func OAuthClientTokenSource(ctx context.Context, config *oauth2.Config, authHandler AuthorizationHandler, state string) oauth2.TokenSource {
return oauth2.ReuseTokenSource(nil, oauthClientSource{config: config, ctx: ctx, authHandler: authHandler, state: state}) return oauth2.ReuseTokenSource(nil, oauthClientSource{config: config, ctx: ctx, authHandler: authHandler, state: state})
} }
type oauthClientSource struct { type oauthClientSource struct {
config oauth2.Config
ctx context.Context ctx context.Context
config *oauth2.Config
authHandler AuthorizationHandler authHandler AuthorizationHandler
state string state string
} }
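Review bot: `state` is fixed when OAuthClientTokenSource is called and stored in oauthClientSource, so if the source runs the authorization flow more than once (its Token method is outside this hunk) every round would reuse the same value, which sits poorly with the "unique state" wording in the comment above the function. Consider documenting this on the function, e.g. `// state is used for every authorization request made by this source; pass a freshly generated, unpredictable value.` With `config` now a `*oauth2.Config`, a nil argument is only discovered on first use, and later mutation by the caller is visible to the source. A doc line stating that config must be non-nil and must not be modified after the call would make that contract explicit.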