HandleAccessRequest is the http.HandlerFunc for handling access token requests
(w *Response, r *http.Request)
| 112 | |
// HandleAccessRequest validates an incoming access token request and routes it
// to the handler for its grant type.
//
// It does not have the http.HandlerFunc signature: it takes the package's
// *Response and returns whatever *AccessRequest the grant-specific handler
// produces. It returns nil after recording an error on w when the method is
// rejected, the form cannot be parsed, or the grant type is not permitted.
//
// POST is always accepted. GET is accepted only when
// s.Config.AllowGetAccessRequest is set; RFC 6749 section 3.2 requires POST for
// token requests, and with GET every request parameter travels in the URL,
// where it can end up in access logs, proxies and browser history.
// NOTE(review): which secrets the grant handlers read from the form is not
// visible here; confirm before enabling GET in a deployment.
func (s *Server) HandleAccessRequest(w *Response, r *http.Request) *AccessRequest {
	// Method gate: anything other than POST, or an opted-in GET, is refused.
	switch r.Method {
	case "POST":
		// Always permitted.
	case "GET":
		if !s.Config.AllowGetAccessRequest {
			s.setErrorAndLog(w, E_INVALID_REQUEST, errors.New("Request must be POST"), "access_request=%s", "GET request not allowed")
			return nil
		}
	default:
		s.setErrorAndLog(w, E_INVALID_REQUEST, errors.New("Request must be POST"), "access_request=%s", "request must be POST")
		return nil
	}

	if parseErr := r.ParseForm(); parseErr != nil {
		s.setErrorAndLog(w, E_INVALID_REQUEST, parseErr, "access_request=%s", "parsing error")
		return nil
	}

	// FormValue reads the merged form (body values first, then the URL query),
	// so grant_type supplied only in the query string is honoured on POST too.
	requested := AccessRequestType(r.FormValue("grant_type"))

	// The configured allow-list is consulted before dispatch: a grant type this
	// server implements but the configuration does not list is treated exactly
	// like an unknown one.
	permitted := s.Config.AllowedAccessTypes.Exists(requested)
	switch {
	case !permitted:
		// Fall out to the unsupported-grant error below.
	case requested == AUTHORIZATION_CODE:
		return s.handleAuthorizationCodeRequest(w, r)
	case requested == REFRESH_TOKEN:
		return s.handleRefreshTokenRequest(w, r)
	case requested == PASSWORD:
		return s.handlePasswordRequest(w, r)
	case requested == CLIENT_CREDENTIALS:
		return s.handleClientCredentialsRequest(w, r)
	case requested == ASSERTION:
		return s.handleAssertionRequest(w, r)
	}

	// Reached for a disallowed grant type and for an allowed value that has no
	// handler in the dispatch above.
	s.setErrorAndLog(w, E_UNSUPPORTED_GRANT_TYPE, nil, "access_request=%s", "unknown grant type")
	return nil
}
| 151 | |
| 152 | func (s *Server) handleAuthorizationCodeRequest(w *Response, r *http.Request) *AccessRequest { |
| 153 | // get client authentication |