Wt
4.11.1
|
An OAuth authorization (and authentication) process. More...
Classes | |
class | TokenError |
Exception thrown while parsing a token response. More... | |
Public Member Functions | |
const std::string & | scope () const |
Returns the scope for which this process was created. More... | |
const OAuthService & | service () const |
Returns the OAuth service which spawned this process. More... | |
virtual void | startAuthorize () |
Starts an authorization process. More... | |
virtual void | startAuthenticate () |
Starts an authorization and authentication process. More... | |
virtual void | getIdentity (const OAuthAccessToken &token) |
Obtains an authenticated identity. More... | |
WString | error () const |
Error information, in case authentication or identification failed. More... | |
const OAuthAccessToken & | token () const |
Returns the access token. More... | |
Signal< OAuthAccessToken > & | authorized () |
Authorization signal. More... | |
Signal< Identity > & | authenticated () |
Authentication signal. More... | |
Public Member Functions inherited from Wt::WObject | |
void | addChild (std::unique_ptr< WObject > child) |
Add a child WObject whose lifetime is determined by this WObject. | |
template<typename Child > | |
Child * | addChild (std::unique_ptr< Child > child) |
Add a child WObject, returning a raw pointer. More... | |
std::unique_ptr< WObject > | removeChild (WObject *child) |
Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
template<typename Child > | |
std::unique_ptr< Child > | removeChild (Child *child) |
Remove a child WObject, so its lifetime is no longer determined by this WObject. More... | |
virtual const std::string | id () const |
Returns the (unique) identifier for this object. More... | |
virtual void | setObjectName (const std::string &name) |
Sets an object name. More... | |
virtual std::string | objectName () const |
Returns the object name. More... | |
void | resetLearnedSlots () |
Resets learned stateless slot implementations. More... | |
template<class T > | |
void | resetLearnedSlot (void(T::*method)()) |
Resets a learned stateless slot implementation. More... | |
template<class T > | |
WStatelessSlot * | implementStateless (void(T::*method)()) |
Declares a slot to be stateless and learn client-side behaviour on first invocation. More... | |
template<class T > | |
WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
Declares a slot to be stateless and learn client-side behaviour in advance. More... | |
void | isNotStateless () |
Marks the current function as not stateless. More... | |
template<class T > | |
WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
Provides a JavaScript implementation for a method. More... | |
Public Member Functions inherited from Wt::Core::observable | |
observable () noexcept | |
Default constructor. | |
virtual | ~observable () |
Destructor. More... | |
template<typename... Args, typename C > | |
auto | bindSafe (void(C::*method)(Args...)) noexcept |
Protects a method call against object destruction. More... | |
template<typename... Args, typename C > | |
auto | bindSafe (void(C::*method)(Args...) const) const noexcept |
Protects a const method call against object destruction. More... | |
template<typename Function > | |
auto | bindSafe (const Function &function) noexcept |
Protects a function against object destruction. More... | |
Protected Member Functions | |
OAuthProcess (const OAuthService &service, const std::string &scope) | |
Constructor. More... | |
virtual OAuthAccessToken | parseTokenResponse (const Http::Message &response) |
Parses the response for a token request. More... | |
virtual void | setError (const WString &e) |
Sets the error. More... | |
Protected Member Functions inherited from Wt::WObject | |
virtual WStatelessSlot * | getStateless (Method method) |
On-demand stateless slot implementation. More... | |
Additional Inherited Members | |
Public Types inherited from Wt::WObject | |
typedef void(WObject::* | Method) () |
Typedef for a WObject method without arguments. | |
An OAuth authorization (and authentication) process.
The process implements the state machine that is needed to complete an OAuth authorization cycle.
Optionally, it also provides authentication, by using the service-specific logic which uses the access token to return identity information.
A process is created for a particular scope, which represents what kind of information one wants to access, and which is used to inform the user of the kind of operations he needs to authorize for your application to make with his protected data.
The configuration of the service is done using properties which are specific to the 3rd party provider and discussed in sub classes of this class. There is one property, which is optional, which can be configured here which is a secret used for creating the OAuth2 'state' hash. By default, the library will create this secret from a random generator, and this is sufficient for single-process deployments. For multi-process deployments (e.g. FastCGI), however the same value must be used in all processes and thus needs to be pre-configured.
oauth2-secret
: a secret used for creating a state hashes.For example:
|
protected |
Constructor.
Authentication signal.
This signal indicates the end of an authentication process started with startAuthenticate() or getIdentity(). If the authentication process was successful, then the parameter is a valid and authentic identity. If the authentication process failed then the identity parameter is invalid, and you can get more information using error().
Authentication can fail because authorization failed (in case of startAuthenticate()), or because of a protocol error, or configuration problem.
Signal<OAuthAccessToken>& Wt::Auth::OAuthProcess::authorized | ( | ) |
Authorization signal.
This signal indicates the end of an authorization process started with startAuthorize(). If the authorization process was successful, then the parameter carries a valid access token that was obtained. If the authorization process failed then the access token parameter is invalid, and you can get more information using error().
Authorization can fail because of a protocol error, aconfiguration problem, or because the user denied the authorization.
WString Wt::Auth::OAuthProcess::error | ( | ) | const |
Error information, in case authentication or identification failed.
The error message contains details when the authorized() or authenticated() signals indicate respectively an invalid token or invalid identity.
|
virtual |
Obtains an authenticated identity.
The authentication process uses an access token to issue one or more protected requests for obtaining identity information. This is not part of the OAuth protocol, since OAuth does not standardize the use of the access token to obtain this information.
The authentication process ends with the authenticated() signal which signals the obtained identity.
Reimplemented in Wt::Auth::OidcProcess.
|
protectedvirtual |
Parses the response for a token request.
Throws a TokenError when the response indicates an error, or when the response could not be properly parsed.
Some OAuth implementations may uses a non-standard encoding of the token.
const std::string& Wt::Auth::OAuthProcess::scope | ( | ) | const |
Returns the scope for which this process was created.
The scope represents how much protected information the web application wants to access, and in what way.
const OAuthService& Wt::Auth::OAuthProcess::service | ( | ) | const |
Returns the OAuth service which spawned this process.
|
protectedvirtual |
Sets the error.
This should be used in getIdentity() implementations to set the error, before emitting authenticated() with an invalid Identity.
|
virtual |
Starts an authorization and authentication process.
This is startAuthorize() followed by getIdentity().
This requires that the process is created with an authorization scope that includes sufficient rights for authentication (at least OAuthService::authenticationScope())
The authentication process ends with the authenticated() signal which signals the obtained identity.
Reimplemented in Wt::Auth::OidcProcess.
|
virtual |
Starts an authorization process.
This starts an authorization process to request an accesstoken to access protected information within the process scope.
The authorization process ends with the authorized() signal which signals the obtained token.
const OAuthAccessToken& Wt::Auth::OAuthProcess::token | ( | ) | const |
Returns the access token.
This returns the access token that was obtained in the last authorization cycle.