1 |
|
-module(cyrsasl_oauth). |
2 |
|
-author('adrian.stachurski@erlang-solutions.com'). |
3 |
|
|
4 |
|
-export([mechanism/0, mech_new/3, mech_step/2]). |
5 |
|
|
6 |
|
-ignore_xref([mech_new/3]). |
7 |
|
|
8 |
|
-behaviour(cyrsasl). |
9 |
|
|
10 |
|
-record(state, {creds}). |
11 |
|
|
12 |
|
-spec mechanism() -> cyrsasl:mechanism(). |
13 |
|
mechanism() -> |
14 |
5967 |
<<"X-OAUTH">>. |
15 |
|
|
16 |
|
-spec mech_new(Host :: jid:server(), |
17 |
|
Creds :: mongoose_credentials:t(), |
18 |
|
Socket :: term()) -> {ok, tuple()}. |
19 |
|
mech_new(_Host, Creds, _Socket) -> |
20 |
7 |
{ok, #state{creds = Creds}}. |
21 |
|
|
22 |
|
-spec mech_step(State :: tuple(), |
23 |
|
ClientIn :: binary()) -> {ok, mongoose_credentials:t()} |
24 |
|
| {error, binary()}. |
25 |
|
mech_step(#state{creds = Creds}, SerializedToken) -> |
26 |
|
%% SerializedToken is a token decoded from CDATA <auth/> body sent by client |
27 |
7 |
HostType = mongoose_credentials:host_type(Creds), |
28 |
7 |
case mod_auth_token:authenticate(HostType, SerializedToken) of |
29 |
|
% Validating access token |
30 |
|
{ok, AuthModule, User} -> |
31 |
2 |
{ok, mongoose_credentials:extend(Creds, |
32 |
|
[{username, User}, |
33 |
|
{auth_module, AuthModule}])}; |
34 |
|
% Validating refresh token and returning new tokens |
35 |
|
{ok, AuthModule, User, AccessToken} -> |
36 |
2 |
{ok, mongoose_credentials:extend(Creds, |
37 |
|
[{username, User}, |
38 |
|
{auth_module, AuthModule}, |
39 |
|
{sasl_success_response, AccessToken}])}; |
40 |
|
{error, {Username, _}} -> |
41 |
2 |
{error, <<"not-authorized">>, Username}; |
42 |
|
{error, _Reason} -> |
43 |
1 |
{error, <<"not-authorized">>} |
44 |
|
end. |