line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package OIDC::Lite::Server::GrantHandler::AuthorizationCode; |
2
|
1
|
|
|
1
|
|
5
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
33
|
|
3
|
1
|
|
|
1
|
|
5
|
use warnings; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
33
|
|
4
|
1
|
|
|
1
|
|
6
|
use parent 'OAuth::Lite2::Server::GrantHandler'; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
6
|
|
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
use Carp (); |
7
|
|
|
|
|
|
|
use OAuth::Lite2::Server::Error; |
8
|
|
|
|
|
|
|
use OAuth::Lite2::ParamMethod::AuthHeader; |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
sub handle_request { |
11
|
|
|
|
|
|
|
my ($self, $dh) = @_; |
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
my $req = $dh->request; |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
my $parser = OAuth::Lite2::ParamMethod::AuthHeader->new; |
16
|
|
|
|
|
|
|
my $header_credentials = $parser->basic_credentials($req); |
17
|
|
|
|
|
|
|
my $client_id = ($header_credentials->{client_id}) ? $header_credentials->{client_id} : $req->param("client_id"); |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
my $code = $req->param("code") |
20
|
|
|
|
|
|
|
or OAuth::Lite2::Server::Error::InvalidRequest->throw( |
21
|
|
|
|
|
|
|
description => "'code' not found" |
22
|
|
|
|
|
|
|
); |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
my $redirect_uri = $req->param("redirect_uri") |
25
|
|
|
|
|
|
|
or OAuth::Lite2::Server::Error::InvalidRequest->throw( |
26
|
|
|
|
|
|
|
description => "'redirect_uri' not found" |
27
|
|
|
|
|
|
|
); |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
my $server_state = $req->param("server_state"); |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
my $auth_info = $dh->get_auth_info_by_code($code) |
32
|
|
|
|
|
|
|
or OAuth::Lite2::Server::Error::InvalidGrant->throw; |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
Carp::croak "OAuth::Lite2::Server::DataHandler::get_auth_info_by_code doesn't return OAuth::Lite2::Model::AuthInfo" |
35
|
|
|
|
|
|
|
unless ($auth_info |
36
|
|
|
|
|
|
|
&& $auth_info->isa("OIDC::Lite::Model::AuthInfo")); |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
OAuth::Lite2::Server::Error::InvalidClient->throw |
39
|
|
|
|
|
|
|
unless ($auth_info->client_id eq $client_id); |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
OAuth::Lite2::Server::Error::RedirectURIMismatch->throw |
42
|
|
|
|
|
|
|
unless ( $auth_info->redirect_uri |
43
|
|
|
|
|
|
|
&& $auth_info->redirect_uri eq $redirect_uri); |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
if ( $auth_info->server_state ) { |
46
|
|
|
|
|
|
|
OAuth::Lite2::Server::Error::InvalidServerState->throw |
47
|
|
|
|
|
|
|
unless ( $server_state and $server_state eq $auth_info->server_state ); |
48
|
|
|
|
|
|
|
} else { |
49
|
|
|
|
|
|
|
OAuth::Lite2::Server::Error::InvalidServerState->throw if ( $server_state ); |
50
|
|
|
|
|
|
|
} |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
my $access_token = $dh->create_or_update_access_token( |
53
|
|
|
|
|
|
|
auth_info => $auth_info, |
54
|
|
|
|
|
|
|
); |
55
|
|
|
|
|
|
|
Carp::croak "OAuth::Lite2::Server::DataHandler::create_or_update_access_token doesn't return OAuth::Lite2::Model::AccessToken" |
56
|
|
|
|
|
|
|
unless ($access_token |
57
|
|
|
|
|
|
|
&& $access_token->isa("OAuth::Lite2::Model::AccessToken")); |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
my $res = { |
60
|
|
|
|
|
|
|
token_type => 'Bearer', |
61
|
|
|
|
|
|
|
access_token => $access_token->token, |
62
|
|
|
|
|
|
|
}; |
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
$res->{expires_in} = $access_token->expires_in |
65
|
|
|
|
|
|
|
if $access_token->expires_in; |
66
|
|
|
|
|
|
|
$res->{refresh_token} = $auth_info->refresh_token |
67
|
|
|
|
|
|
|
if $auth_info->refresh_token; |
68
|
|
|
|
|
|
|
$res->{scope} = $auth_info->scope |
69
|
|
|
|
|
|
|
if $auth_info->scope; |
70
|
|
|
|
|
|
|
|
71
|
|
|
|
|
|
|
# ID Token |
72
|
|
|
|
|
|
|
$res->{id_token} = $auth_info->id_token |
73
|
|
|
|
|
|
|
if $auth_info->id_token; |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
return $res; |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
=head1 NAME |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
OIDC::Lite::Server::GrantHandler::AuthorizationCode - handler for 'authorization-code' grant_type request |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
=head1 SYNOPSIS |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
my $handler = OIDC::Lite::Server::GrantHandler::AuthorizationCode->new; |
85
|
|
|
|
|
|
|
my $res = $handler->handle_request( $data_handler ); |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
=head1 DESCRIPTION |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
handler for 'authorization-code' grant_type request. |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
=head1 METHODS |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
=head2 handle_request( $req ) |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
See L document. |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
=head1 AUTHOR |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
Ryo Ito, Eritou.06@gmail.comE |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
Copyright (C) 2012 by Ryo Ito |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify |
106
|
|
|
|
|
|
|
it under the same terms as Perl itself, either Perl version 5.8.8 or, |
107
|
|
|
|
|
|
|
at your option, any later version of Perl 5 you may have available. |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
=cut |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
1; |