Add /api/oauth/code API.

authz/authz.go

@@ -71,6 +71,7 @@ p, *, *, POST, /api/login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/auth/login, *, *
+p, *, *, GET, /api/oauth/code, *, *
 p, *, *, GET, /api/oauth/token, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-users, *, *

controllers/token.go

@@ -69,13 +69,23 @@ func (c *ApiController) DeleteToken() {
 	c.ServeJSON()
 }
 
+func (c *ApiController) GetOAuthCode() {
+	clientId := c.Input().Get("client_id")
+	responseType := c.Input().Get("response_type")
+	redirectUri := c.Input().Get("redirect_uri")
+	scope := c.Input().Get("scope")
+	state := c.Input().Get("state")
+
+	c.Data["json"] = object.GetOAuthCode(clientId, responseType, redirectUri, scope, state)
+	c.ServeJSON()
+}
+
 func (c *ApiController) GetOAuthToken() {
-	applicationId := c.Input().Get("app_id")
 	grantType := c.Input().Get("grant_type")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
-	scope := c.Input().Get("scope")
+	code := c.Input().Get("code")
 
-	c.Data["json"] = object.GetOAuthToken(applicationId, grantType, clientId, clientSecret, scope)
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code)
 	c.ServeJSON()
 }

object/application.go

@@ -74,6 +74,20 @@ func getApplication(owner string, name string) *Application {
 	}
 }
 
+func getApplicationByClientId(clientId string) *Application {
+	application := Application{}
+	existed, err := adapter.engine.Where("client_id=?", clientId).Get(&application)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &application
+	} else {
+		return nil
+	}
+}
+
 func GetApplication(id string) *Application {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getApplication(owner, name)

object/token.go

@@ -15,10 +15,17 @@
 package object
 
 import (
+	"strings"
+
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
 
+type Code struct {
+	Message string `xorm:"varchar(100)" json:"message"`
+	Code    string `xorm:"varchar(100)" json:"code"`
+}
+
 type Token struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -26,12 +33,20 @@ type Token struct {
 
 	Application string `xorm:"varchar(100)" json:"application"`
 
+	Code        string `xorm:"varchar(100)" json:"code"`
 	AccessToken string `xorm:"varchar(100)" json:"accessToken"`
 	ExpiresIn   int    `json:"expiresIn"`
 	Scope       string `xorm:"varchar(100)" json:"scope"`
 	TokenType   string `xorm:"varchar(100)" json:"tokenType"`
 }
 
+type TokenWrapper struct {
+	AccessToken string `json:"access_token"`
+	TokenType   string `json:"token_type"`
+	ExpiresIn   int    `json:"expires_in"`
+	Scope       string `json:"scope"`
+}
+
 func GetTokens(owner string) []*Token {
 	tokens := []*Token{}
 	err := adapter.engine.Desc("created_time").Find(&tokens, &Token{Owner: owner})
@@ -56,6 +71,20 @@ func getToken(owner string, name string) *Token {
 	}
 }
 
+func getTokenByCode(code string) *Token {
+	token := Token{}
+	existed, err := adapter.engine.Where("code=?", code).Get(&token)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &token
+	} else {
+		return nil
+	}
+}
+
 func GetToken(id string) *Token {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getToken(owner, name)
@@ -94,15 +123,34 @@ func DeleteToken(token *Token) bool {
 	return affected != 0
 }
 
-func GetOAuthToken(applicationId string, grantType string, clientId string, clientSecret string, scope string) *Token {
-	application := GetApplication(applicationId)
-
-	if grantType != "client_credentials" {
-		return nil
+func GetOAuthCode(clientId string, responseType string, redirectUri string, scope string, state string) *Code {
+	application := getApplicationByClientId(clientId)
+	if application == nil {
+		return &Code{
+			Message: "invalid client_id",
+			Code:    "",
+		}
 	}
 
-	if application.ClientId != clientId || application.ClientSecret != clientSecret {
-		return nil
+	if responseType != "code" {
+		return &Code{
+			Message: "response_type should be \"code\"",
+			Code:    "",
+		}
+	}
+
+	validUri := false
+	for _, url := range application.RedirectUrls {
+		if strings.Contains(redirectUri, url) {
+			validUri = true
+			break
+		}
+	}
+	if !validUri {
+		return &Code{
+			Message: "redirect_uri doesn't exist in the allowed Redirect URL list",
+			Code:    "",
+		}
 	}
 
 	token := &Token{
@@ -110,6 +158,7 @@ func GetOAuthToken(applicationId string, grantType string, clientId string, clie
 		Name:        util.GenerateId(),
 		CreatedTime: util.GetCurrentTime(),
 		Application: application.Name,
+		Code:        util.GenerateClientId(),
 		AccessToken: "",
 		ExpiresIn:   7200,
 		Scope:       scope,
@@ -117,5 +166,66 @@ func GetOAuthToken(applicationId string, grantType string, clientId string, clie
 	}
 	AddToken(token)
 
-	return token
+	return &Code{
+		Message: "",
+		Code:    token.Code,
+	}
+}
+
+func GetOAuthToken(grantType string, clientId string, clientSecret string, code string) *TokenWrapper {
+	application := getApplicationByClientId(clientId)
+	if application == nil {
+		return &TokenWrapper{
+			AccessToken: "invalid client_id",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+
+	if grantType != "authorization_code" {
+		return &TokenWrapper{
+			AccessToken: "grant_type should be \"authorization_code\"",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+
+	token := getTokenByCode(code)
+	if token == nil {
+		return &TokenWrapper{
+			AccessToken: "invalid code",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+
+	if application.Name != token.Application {
+		return &TokenWrapper{
+			AccessToken: "token is for wrong application (client_id)",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+
+	if application.ClientSecret != clientSecret {
+		return &TokenWrapper{
+			AccessToken: "invalid client_secret",
+			TokenType:   "",
+			ExpiresIn:   0,
+			Scope:       "",
+		}
+	}
+
+	tokenWrapper := &TokenWrapper{
+		AccessToken: token.AccessToken,
+		TokenType:   token.TokenType,
+		ExpiresIn:   token.ExpiresIn,
+		Scope:       token.Scope,
+	}
+
+	return tokenWrapper
 }

routers/router.go

@@ -69,5 +69,6 @@ func initAPI() {
 	beego.Router("/api/update-token", &controllers.ApiController{}, "POST:UpdateToken")
 	beego.Router("/api/add-token", &controllers.ApiController{}, "POST:AddToken")
 	beego.Router("/api/delete-token", &controllers.ApiController{}, "POST:DeleteToken")
+	beego.Router("/api/oauth/code", &controllers.ApiController{}, "GET:GetOAuthCode")
 	beego.Router("/api/oauth/token", &controllers.ApiController{}, "GET:GetOAuthToken")
 }

web/src/TokenEditPage.js

@@ -88,6 +88,16 @@ class TokenEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={2}>
+            {i18next.t("general:Authorization Code")}:
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.token.code} onChange={e => {
+              this.updateTokenField('code', e.target.value);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: '20px'}} >
           <Col style={{marginTop: '5px'}} span={2}>
             {i18next.t("general:Access Token")}:

web/src/TokenListPage.js

@@ -124,6 +124,13 @@ class TokenListPage extends React.Component {
           )
         }
       },
+      {
+        title: i18next.t("token:Authorization Code"),
+        dataIndex: 'code',
+        key: 'code',
+        // width: '150px',
+        sorter: (a, b) => a.code.localeCompare(b.code),
+      },
       {
         title: i18next.t("token:Access Token"),
         dataIndex: 'accessToken',