Improve message in GetOAuthToken().

Yang Luo 2022-02-08 20:52:20 +08:00
parent bd38552db5
commit 612b5f5c2e


@ -283,7 +283,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
if code == "" {
return &TokenWrapper{
AccessToken: "error: code should not be empty",
AccessToken: "error: authorization code should not be empty",
TokenType: "",
ExpiresIn: 0,
Scope: "",
@ -293,7 +293,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
token := getTokenByCode(code)
if token == nil {
return &TokenWrapper{
AccessToken: "error: invalid code",
AccessToken: "error: invalid authorization code",
TokenType: "",
ExpiresIn: 0,
Scope: "",
@ -317,6 +317,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
Scope: "",
}
}
if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
return &TokenWrapper{
AccessToken: "error: incorrect code_verifier",
@ -325,21 +326,21 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
Scope: "",
}
}
if token.CodeIsUsed {
//Resist replay attacks, if the code is reused, the token generated with this code will be deleted
DeleteToken(token)
// anti replay attacks
return &TokenWrapper{
AccessToken: "error: code has been used.",
AccessToken: "error: authorization code has been used",
TokenType: "",
ExpiresIn: 0,
Scope: "",
}
}
if time.Now().Unix() > token.CodeExpireIn {
//can only use the code to generate a token within five minutes
DeleteToken(token)
// code must be used within 5 minutes
return &TokenWrapper{
AccessToken: "error: code has expired",
AccessToken: "error: authorization code has expired",
TokenType: "",
ExpiresIn: 0,
Scope: "",
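Review bot: The reworded failures are still returned in-band in `AccessToken` (the five changed strings, from `"error: authorization code should not be empty"` to `"error: authorization code has expired"`), so a caller that does not test for the `error: ` prefix would handle the text as a bearer token, and any caller that matches the old wording stops recognising the failure after this change. RFC 6749 section 5.2 reports an invalid, expired or revoked authorization code with the single code `invalid_grant` in a separate `error` member; carrying that in its own field would need a change to `TokenWrapper`, whose definition is outside these hunks. Until then, document the contract on the function, e.g. `// GetOAuthToken reports failure as an AccessToken starting with "error: "; callers must check the prefix before using the token.` GetOAuthToken starts and ends outside the hunks shown, so how its callers treat the result could not be checked here.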