llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 04:10:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: support OIDC device flow: "/api/device-auth" (#3757)

Browse Source
This commit is contained in:
DacongDA
2025-04-30 23:42:26 +08:00
committed by GitHub
parent 36f5de3203
commit 383bf44391
12 changed files with 252 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
controllers/token.go
View File

@ -16,6 +16,7 @@ package controllers
import (
"encoding/json"
"time"
"github.com/beego/beego/utils/pagination"
"github.com/casdoor/casdoor/object"
@ -170,12 +171,17 @@ func (c *ApiController) GetOAuthToken() {
tag := c.Input().Get("tag")
avatar := c.Input().Get("avatar")
refreshToken := c.Input().Get("refresh_token")
deviceCode := c.Input().Get("device_code")
if clientId == "" && clientSecret == "" {
clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
}
if len(c.Ctx.Input.RequestBody) != 0 {
if grantType == "urn:ietf:params:oauth:grant-type:device_code" {
clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
}
if len(c.Ctx.Input.RequestBody) != 0 && grantType != "urn:ietf:params:oauth:grant-type:device_code" {
// If clientId is empty, try to read data from RequestBody
var tokenRequest TokenRequest
err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
@ -219,6 +225,40 @@ func (c *ApiController) GetOAuthToken() {
}
}
if deviceCode != "" {
deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
if !ok {
c.Data["json"] = object.TokenError{
Error: "expired_token",
ErrorDescription: "token is expired",
}
c.ServeJSON()
return
}
deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
if !deviceAuthCacheCast.UserSignIn {
c.Data["json"] = object.TokenError{
Error: "authorization_pending",
ErrorDescription: "authorization pending",
}
c.ServeJSON()
return
}
if deviceAuthCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
c.Data["json"] = object.TokenError{
Error: "expired_token",
ErrorDescription: "token is expired",
}
c.ServeJSON()
return
}
object.DeviceAuthMap.Delete(deviceCode)
username = deviceAuthCacheCast.UserName
}
host := c.Ctx.Request.Host
token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
if err != nil {