Class OAuthAuthorizationEndpointProcess
This class will process the environment and perform the authorization of the user if this is possible. If this is successful, an authorization code will be sent to the client.
The following URL parameters are expected: "client_id", which obviously has to contain a valid client ID. "redirect_uri", which has to be a valid redirect URI where the user will be redirected to when the authorization has been successful. "scope", which has to be set to the scope of the requested information. "response_type", which has to be set to "code". If the "state" parameter has been included, it will be passed on as a parameter to the redirect URI.
When the client ID and the redirect URI are valid but something else went wrong, an "error=invalid_request" will be sent to the client. If the user failed to log in correctly, "error=login_required" will be sent. If everything went OK, the "code" parameter is included, which can be used to obtain a token from a token endpoint.
See https://tools.ietf.org/rfc/rfc6749.txt for more information.
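The request handling described above, as an added example in plain Java (not JWt's own code): it shows why an error is only redirected back once the client ID and redirect URI have been validated, and how "state" is echoed. The class name, `decide`, the sample client registration, the exact-match comparison of the redirect URI and the order of the checks are assumptions for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Set;

// Added illustration, not JWt code: models the request checks described above.
public class AuthorizationRequestCheck {
    // Constructed sample registration: client ID -> registered redirect URIs.
    static final Map<String, Set<String>> CLIENTS =
        Map.of("client-123", Set.of("https://client.example/cb"));

    /** Returns the redirect target, or null when no redirect may be issued. */
    static String decide(Map<String, String> p, boolean loggedIn, String code) {
        Set<String> uris = CLIENTS.get(p.getOrDefault("client_id", ""));
        String redirect = p.get("redirect_uri");
        // Unknown client or unregistered redirect URI: never redirect, since the
        // target is untrusted request input. The caller shows a local error page.
        if (uris == null || redirect == null || !uris.contains(redirect))
            return null;
        String scope = p.get("scope");
        String result;
        if (!"code".equals(p.get("response_type")) || scope == null || scope.isEmpty())
            result = "error=invalid_request";
        else if (!loggedIn)
            result = "error=login_required";
        else
            result = "code=" + enc(code);
        // "state" is passed back so the client can match the response to its request.
        if (p.containsKey("state"))
            result += "&state=" + enc(p.get("state"));
        return redirect + (redirect.contains("?") ? "&" : "?") + result;
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        Map<String, String> ok = Map.of("client_id", "client-123",
            "redirect_uri", "https://client.example/cb", "scope", "email",
            "response_type", "code", "state", "xyz 1");
        System.out.println(decide(ok, true, "constructed-code"));
        System.out.println(decide(ok, false, null));
        // Unregistered redirect URI: decide() returns null, so nothing is redirected.
        System.out.println(decide(Map.of("client_id", "client-123",
            "redirect_uri", "https://other.example/cb", "response_type", "code"), true, "c"));
    }
}
```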
This class relies on a correct implementation of several functions in the AbstractUserDatabase. Namely AbstractUserDatabase#idpClientFindWithId(), AbstractUserDatabase#idpTokenAdd(), and AbstractUserDatabase#idpClientRedirectUris().
Must be deployed with TLS.
Example:
// C++ syntax; validRequest() is listed as isValidRequest() in the method list below.
process = std::make_unique<OAuthAuthorizationEndpointProcess>(
    login,
    database);
// Connect authorized() before calling processEnvironment().
process->authorized().connect(
    process.get(),
    &OAuthAuthorizationEndpointProcess::authorizeScope);
process->processEnvironment();
if (process->validRequest()) {
  root()->addWidget(std::move(authWidget));
} else {
  root()->addWidget(std::make_unique<Wt::WText>(Wt::utf8("The request was invalid.")));
}
Nested Class Summary
Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject
WObject.FormData
Field Summary
db_
Constructor Summary
| Constructor | Description |
| --- | --- |
| OAuthAuthorizationEndpointProcess | Constructor. |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected void | authEvent() | |
| | authorized() | This signal is emitted when the user has successfully logged in. |
| void | authorizeScope(String scope) | Authorize the given scope and redirect the user. |
| boolean | isValidRequest() | Returns true if the request was a valid OAuth request with the correct parameters. |
| void | processEnvironment() | Processes the environment and authorizes the user when already logged in. |
| void | setAuthCodeExpSecs(int seconds) | Sets the amount of seconds after which generated authorization codes expire. |
Methods inherited from class eu.webtoolkit.jwt.WObject
getId, getObjectName, remove, setFormData, setObjectName, tr
Field Details
db_
Constructor Details
OAuthAuthorizationEndpointProcess
Constructor.
Method Details
processEnvironment
public void processEnvironment()
Processes the environment and authorizes the user when already logged in.
The authorized() signal should be connected before calling this function.

isValidRequest
public boolean isValidRequest()
Returns true if the request was a valid OAuth request with the correct parameters.

authorized
This signal is emitted when the user has successfully logged in.
When the user has successfully logged in and the request is valid, this signal will be emitted and the user can be redirected to the redirect URI using authorizeScope.
This signal supplies the scope as argument.

authorizeScope
Authorize the given scope and redirect the user.
If the user has successfully logged in this function will redirect the user to the redirect URI with a valid "code" parameter which is only valid for the given scope.

setAuthCodeExpSecs
public void setAuthCodeExpSecs(int seconds)
Sets the amount of seconds after which generated authorization codes expire.
This defaults to 600 seconds.

authEvent
protected void authEvent()