Wt 4.11.1
Allows clients to authorize users according to the OAuth 2.0 protocol.
#include <Wt/Auth/OAuthAuthorizationEndpointProcess.h>
Public Member Functions
OAuthAuthorizationEndpointProcess (Login &login, AbstractUserDatabase &db)
Constructor.
void processEnvironment ()
Processes the environment and authorizes the user when already logged in.
bool validRequest () const
Returns true if the request was a valid OAuth request with the correct parameters.
Signal< std::string > & authorized ()
This signal is emitted when the user has successfully logged in.
void authorizeScope (const std::string &scope)
Authorize the given scope and redirect the user.
void setAuthCodeExpSecs (int seconds)
Sets the amount of seconds after which generated authorization codes expire.
Public Member Functions inherited from Wt::WObject
void addChild (std::unique_ptr< WObject > child)
Add a child WObject whose lifetime is determined by this WObject.
template<typename Child >
Child * addChild (std::unique_ptr< Child > child)
Add a child WObject, returning a raw pointer.
std::unique_ptr< WObject > removeChild (WObject *child)
Remove a child WObject, so its lifetime is no longer determined by this WObject.
template<typename Child >
std::unique_ptr< Child > removeChild (Child *child)
Remove a child WObject, so its lifetime is no longer determined by this WObject.
virtual const std::string id () const
Returns the (unique) identifier for this object.
virtual void setObjectName (const std::string &name)
Sets an object name.
virtual std::string objectName () const
Returns the object name.
void resetLearnedSlots ()
Resets learned stateless slot implementations.
template<class T >
void resetLearnedSlot (void(T::*method)())
Resets a learned stateless slot implementation.
template<class T >
WStatelessSlot * implementStateless (void(T::*method)())
Declares a slot to be stateless and learn client-side behaviour on first invocation.
template<class T >
WStatelessSlot * implementStateless (void(T::*method)(), void(T::*undoMethod)())
Declares a slot to be stateless and learn client-side behaviour in advance.
void isNotStateless ()
Marks the current function as not stateless.
template<class T >
WStatelessSlot * implementJavaScript (void(T::*method)(), const std::string &jsCode)
Provides a JavaScript implementation for a method.
Public Member Functions inherited from Wt::Core::observable
observable () noexcept
Default constructor.
virtual ~observable ()
Destructor.
template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...)) noexcept
Protects a method call against object destruction.
template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...) const) const noexcept
Protects a const method call against object destruction.
template<typename Function >
auto bindSafe (const Function &function) noexcept
Protects a function against object destruction.
Additional Inherited Members
Public Types inherited from Wt::WObject
typedef void(WObject::* Method) ()
Typedef for a WObject method without arguments.
Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot * getStateless (Method method)
On-demand stateless slot implementation.
Allows clients to authorize users according to the OAuth 2.0 protocol.
This class will process the environment and perform the authorization of the user if this is possible. If this is successful, an authorization code will be sent to the client.
The following URL parameters are expected:
- "client_id", which obviously has to contain a valid client ID.
- "redirect_uri", which has to be a valid redirect URI to which the user will be redirected when the authorization has been successful.
- "scope", which has to be set to the scope of the requested information.
- "response_type", which has to be set to "code".
If the "state" parameter has been included, it will be passed on as a parameter to the redirect URI.
When the client ID and the redirect URI are valid but something else went wrong, an "error=invalid_request" will be sent to the client. If the user failed to log in correctly, "error=login_required" will be sent. If everything went OK, the "code" parameter is included, which can be used to obtain a token from a token endpoint.
See https://tools.ietf.org/rfc/rfc6749.txt for more information.
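The decision order described above, modelled with the standard library only. This is an added example, not Wt's implementation: Client, Params, get, pctEncode and authorizationRedirect are hypothetical names, and the request values are constructed. It assumes exact-match redirect URI comparison and shows that an error or code is only ever sent to a redirect URI that is registered for the client.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>
// Hypothetical stand-in for a registered client record (not a Wt type).
struct Client { std::string id; std::set<std::string> redirectUris; };
using Params = std::map<std::string, std::string>;
static std::string get(const Params& p, const std::string& k) {
    auto it = p.find(k);
    return it == p.end() ? std::string() : it->second;
}
// Percent-encode everything outside the RFC 3986 unreserved set.
static std::string pctEncode(const std::string& s) {
    static const char hex[] = "0123456789ABCDEF";
    std::string out;
    for (unsigned char c : s) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') out += char(c);
        else { out += '%'; out += hex[c >> 4]; out += hex[c & 15]; }
    }
    return out;
}

// Returns the redirect target, or "" when the client ID or redirect URI is
// not valid: in that case nothing may be sent to the requested URI.
std::string authorizationRedirect(const Params& q, const Client& client,
                                  bool loggedIn, const std::string& code) {
    const std::string uri = get(q, "redirect_uri");
    if (get(q, "client_id") != client.id || !client.redirectUris.count(uri))
        return "";
    std::string out = uri + (uri.find('?') == std::string::npos ? "?" : "&");
    if (get(q, "response_type") != "code" || get(q, "scope").empty())
        out += "error=invalid_request";
    else if (!loggedIn)
        out += "error=login_required";
    else
        out += "code=" + pctEncode(code);
    if (q.count("state"))  // passed back so the client can match the response
        out += "&state=" + pctEncode(get(q, "state"));
    return out;
}

int main() {  // constructed sample request
    Client c{"app1", {"https://client.example/cb"}};
    Params q{{"client_id", "app1"}, {"redirect_uri", "https://client.example/cb"},
             {"scope", "email"}, {"response_type", "code"}, {"state", "x y"}};
    std::cout << authorizationRedirect(q, c, true, "abc123") << "\n";
}
```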
This class relies on a correct implementation of several functions in the AbstractUserDatabase, namely AbstractUserDatabase::idpClientFindWithId, AbstractUserDatabase::idpTokenAdd, and AbstractUserDatabase::idpClientRedirectUris.
Must be deployed with TLS.
Example:
Signal<std::string>& Wt::Auth::OAuthAuthorizationEndpointProcess::authorized ()
This signal is emitted when the user has successfully logged in.
When the user has successfully logged in and the request is valid, this signal will be emitted and the user can be redirected to the redirect URI using authorizeScope.
This signal supplies the scope as argument.
void Wt::Auth::OAuthAuthorizationEndpointProcess::authorizeScope (const std::string &scope)
Authorize the given scope and redirect the user.
If the user has successfully logged in, this function will redirect the user to the redirect URI with a valid "code" parameter, which is only valid for the given scope.
void Wt::Auth::OAuthAuthorizationEndpointProcess::processEnvironment ()
Processes the environment and authorizes the user when already logged in.
The authorized() signal should be connected before calling this function.
void Wt::Auth::OAuthAuthorizationEndpointProcess::setAuthCodeExpSecs (int seconds)
Sets the amount of seconds after which generated authorization codes expire.
This defaults to 600 seconds.