llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 20:50:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: fix OAuth error response (#835)

Browse Source 
* fix: fix OAuth error response

* fix: provide more detailed error messages for TokenError
This commit is contained in:
aecra
2022-07-01 14:53:34 +08:00
committed by GitHub
parent aa5078de15
commit f0431701c9
5 changed files with 257 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
controllers/token.go
View File

@ -165,6 +165,8 @@ func (c *ApiController) GetOAuthCode() {
// @Param client_secret query string true "OAuth client secret" // @Param client_secret query string true "OAuth client secret"
// @Param code query string true "OAuth code" // @Param code query string true "OAuth code"
// @Success 200 {object} object.TokenWrapper The Response object // @Success 200 {object} object.TokenWrapper The Response object
// @Success 400 {object} object.TokenError The Response object
// @Success 401 {object} object.TokenError The Response object
// @router /login/oauth/access_token [post] // @router /login/oauth/access_token [post]
func (c *ApiController) GetOAuthToken() { func (c *ApiController) GetOAuthToken() {
grantType := c.Input().Get("grant_type") grantType := c.Input().Get("grant_type")
@ -200,6 +202,7 @@ func (c *ApiController) GetOAuthToken() {
host := c.Ctx.Request.Host host := c.Ctx.Request.Host
c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, tag, avatar) c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, tag, avatar)
c.SetTokenErrorHttpStatus()
c.ServeJSON() c.ServeJSON()
} }
@ -213,6 +216,8 @@ func (c *ApiController) GetOAuthToken() {
// @Param client_id query string true "OAuth client id" // @Param client_id query string true "OAuth client id"
// @Param client_secret query string false "OAuth client secret" // @Param client_secret query string false "OAuth client secret"
// @Success 200 {object} object.TokenWrapper The Response object // @Success 200 {object} object.TokenWrapper The Response object
// @Success 400 {object} object.TokenError The Response object
// @Success 401 {object} object.TokenError The Response object
// @router /login/oauth/refresh_token [post] // @router /login/oauth/refresh_token [post]
func (c *ApiController) RefreshToken() { func (c *ApiController) RefreshToken() {
grantType := c.Input().Get("grant_type") grantType := c.Input().Get("grant_type")
@ -235,6 +240,7 @@ func (c *ApiController) RefreshToken() {
} }
c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host) c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
c.SetTokenErrorHttpStatus()
c.ServeJSON() c.ServeJSON()
} }
@ -270,6 +276,8 @@ func (c *ApiController) TokenLogout() {
// @Param token formData string true "access_token's value or refresh_token's value" // @Param token formData string true "access_token's value or refresh_token's value"
// @Param token_type_hint formData string true "the token type access_token or refresh_token" // @Param token_type_hint formData string true "the token type access_token or refresh_token"
// @Success 200 {object} object.IntrospectionResponse The Response object // @Success 200 {object} object.IntrospectionResponse The Response object
// @Success 400 {object} object.TokenError The Response object
// @Success 401 {object} object.TokenError The Response object
// @router /login/oauth/introspect [post] // @router /login/oauth/introspect [post]
func (c *ApiController) IntrospectToken() { func (c *ApiController) IntrospectToken() {
tokenValue := c.Input().Get("token") tokenValue := c.Input().Get("token")
@ -279,12 +287,21 @@ func (c *ApiController) IntrospectToken() {
clientSecret = c.Input().Get("client_secret") clientSecret = c.Input().Get("client_secret")
if clientId == "" || clientSecret == "" { if clientId == "" || clientSecret == "" {
c.ResponseError("empty clientId or clientSecret") c.ResponseError("empty clientId or clientSecret")
c.Data["json"] = &object.TokenError{
Error: object.INVALID_REQUEST,
}
c.SetTokenErrorHttpStatus()
c.ServeJSON()
return return
} }
} }
application := object.GetApplicationByClientId(clientId) application := object.GetApplicationByClientId(clientId)
if application == nil || application.ClientSecret != clientSecret { if application == nil || application.ClientSecret != clientSecret {
c.ResponseError("invalid application or wrong clientSecret") c.ResponseError("invalid application or wrong clientSecret")
c.Data["json"] = &object.TokenError{
Error: object.INVALID_CLIENT,
}
c.SetTokenErrorHttpStatus()
return return
} }
token := object.GetTokenByTokenAndApplication(tokenValue, application.Name) token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)

17
controllers/util.go
View File

@ -51,6 +51,23 @@ func (c *ApiController) ResponseError(error string, data ...interface{}) {
c.ServeJSON() c.ServeJSON()
} }
// SetTokenErrorHttpStatus ...
func (c *ApiController) SetTokenErrorHttpStatus() {
_, ok := c.Data["json"].(*object.TokenError)
if ok {
if c.Data["json"].(*object.TokenError).Error == object.INVALID_CLIENT {
c.Ctx.Output.SetStatus(401)
c.Ctx.Output.Header("WWW-Authenticate", "Basic realm=\"OAuth2\"")
} else {
c.Ctx.Output.SetStatus(400)
}
}
_, ok = c.Data["json"].(*object.TokenWrapper)
if ok {
c.Ctx.Output.SetStatus(200)
}
}
// RequireSignedIn ... // RequireSignedIn ...
func (c *ApiController) RequireSignedIn() (string, bool) { func (c *ApiController) RequireSignedIn() (string, bool) {
userId := c.GetSessionUsername() userId := c.GetSessionUsername()

230
object/token.go
View File

@ -17,7 +17,6 @@ package object
import ( import (
"crypto/sha256" "crypto/sha256"
"encoding/base64" "encoding/base64"
"errors"
"fmt" "fmt"
"strings" "strings"
"time" "time"
@ -29,6 +28,13 @@ import (
const ( const (
hourSeconds = 3600 hourSeconds = 3600
INVALID_REQUEST = "invalid_request"
INVALID_CLIENT = "invalid_client"
INVALID_GRANT = "invalid_grant"
UNAUTHORIZED_CLIENT = "unauthorized_client"
UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type"
INVALID_SCOPE = "invalid_scope"
ENDPOINT_ERROR = "endpoint_error"
) )
type Code struct { type Code struct {
@ -63,7 +69,11 @@ type TokenWrapper struct {
TokenType string `json:"token_type"` TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"` ExpiresIn int `json:"expires_in"`
Scope string `json:"scope"` Scope string `json:"scope"`
Error string `json:"error,omitempty"` }
type TokenError struct {
Error string `json:"error"`
ErrorDescription string `json:"error_description,omitempty"`
} }
type IntrospectionResponse struct { type IntrospectionResponse struct {
@ -311,59 +321,42 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
} }
} }
func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, tag string, avatar string) interface{} {
func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, tag string, avatar string) *TokenWrapper {
var errString string
application := GetApplicationByClientId(clientId) application := GetApplicationByClientId(clientId)
if application == nil { if application == nil {
errString = "error: invalid client_id" return &TokenError{
return &TokenWrapper{ Error: INVALID_CLIENT,
AccessToken: errString, ErrorDescription: "client_id is invalid",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
//Check if grantType is allowed in the current application //Check if grantType is allowed in the current application
if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" { if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" {
errString = fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType) return &TokenError{
return &TokenWrapper{ Error: UNSUPPORTED_GRANT_TYPE,
AccessToken: errString, ErrorDescription: fmt.Sprintf("grant_type: %s is not supported in this application", grantType),
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
var token *Token var token *Token
var err error var tokenError *TokenError
switch grantType { switch grantType {
case "authorization_code": // Authorization Code Grant case "authorization_code": // Authorization Code Grant
token, err = GetAuthorizationCodeToken(application, clientSecret, code, verifier) token, tokenError = GetAuthorizationCodeToken(application, clientSecret, code, verifier)
case "password": // Resource Owner Password Credentials Grant case "password": // Resource Owner Password Credentials Grant
token, err = GetPasswordToken(application, username, password, scope, host) token, tokenError = GetPasswordToken(application, username, password, scope, host)
case "client_credentials": // Client Credentials Grant case "client_credentials": // Client Credentials Grant
token, err = GetClientCredentialsToken(application, clientSecret, scope, host) token, tokenError = GetClientCredentialsToken(application, clientSecret, scope, host)
} }
if tag == "wechat_miniprogram" { if tag == "wechat_miniprogram" {
// Wechat Mini Program // Wechat Mini Program
token, err = GetWechatMiniProgramToken(application, code, host, username, avatar) token, tokenError = GetWechatMiniProgramToken(application, code, host, username, avatar)
} }
if err != nil { if tokenError != nil {
errString = err.Error() return tokenError
return &TokenWrapper{
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
} }
token.CodeIsUsed = true token.CodeIsUsed = true
@ -380,81 +373,59 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
return tokenWrapper return tokenWrapper
} }
func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) *TokenWrapper { func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) interface{} {
var errString string
// check parameters // check parameters
if grantType != "refresh_token" { if grantType != "refresh_token" {
errString = "error: grant_type should be \"refresh_token\"" return &TokenError{
return &TokenWrapper{ Error: UNSUPPORTED_GRANT_TYPE,
AccessToken: errString, ErrorDescription: "grant_type should be refresh_token",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
application := GetApplicationByClientId(clientId) application := GetApplicationByClientId(clientId)
if application == nil { if application == nil {
errString = "error: invalid client_id" return &TokenError{
return &TokenWrapper{ Error: INVALID_CLIENT,
AccessToken: errString, ErrorDescription: "client_id is invalid",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
if clientSecret != "" && application.ClientSecret != clientSecret { if clientSecret != "" && application.ClientSecret != clientSecret {
errString = "error: invalid client_secret" return &TokenError{
return &TokenWrapper{ Error: INVALID_CLIENT,
AccessToken: errString, ErrorDescription: "client_secret is invalid",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
// check whether the refresh token is valid, and has not expired. // check whether the refresh token is valid, and has not expired.
token := Token{RefreshToken: refreshToken} token := Token{RefreshToken: refreshToken}
existed, err := adapter.Engine.Get(&token) existed, err := adapter.Engine.Get(&token)
if err != nil || !existed { if err != nil || !existed {
errString = "error: invalid refresh_token" return &TokenError{
return &TokenWrapper{ Error: INVALID_GRANT,
AccessToken: errString, ErrorDescription: "refresh token is invalid, expired or revoked",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
cert := getCertByApplication(application) cert := getCertByApplication(application)
_, err = ParseJwtToken(refreshToken, cert) _, err = ParseJwtToken(refreshToken, cert)
if err != nil { if err != nil {
errString := fmt.Sprintf("error: %s", err.Error()) return &TokenError{
return &TokenWrapper{ Error: INVALID_GRANT,
AccessToken: errString, ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
// generate a new token // generate a new token
user := getUser(application.Organization, token.User) user := getUser(application.Organization, token.User)
if user.IsForbidden { if user.IsForbidden {
errString = "error: the user is forbidden to sign in, please contact the administrator" return &TokenError{
return &TokenWrapper{ Error: INVALID_GRANT,
AccessToken: errString, ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
} }
} }
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host) newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host)
if err != nil { if err != nil {
panic(err) return &TokenError{
Error: ENDPOINT_ERROR,
ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
}
} }
newToken := &Token{ newToken := &Token{
@ -508,63 +479,99 @@ func IsGrantTypeValid(method string, grantTypes []string) bool {
} }
// Authorization code flow // Authorization code flow
func GetAuthorizationCodeToken(application *Application, clientSecret string, code string, verifier string) (*Token, error) { func GetAuthorizationCodeToken(application *Application, clientSecret string, code string, verifier string) (*Token, *TokenError) {
if code == "" { if code == "" {
return nil, errors.New("error: authorization code should not be empty") return nil, &TokenError{
Error: INVALID_REQUEST,
ErrorDescription: "authorization code should not be empty",
}
} }
token := getTokenByCode(code) token := getTokenByCode(code)
if token == nil { if token == nil {
return nil, errors.New("error: invalid authorization code") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "authorization code is invalid",
}
} }
if token.CodeIsUsed { if token.CodeIsUsed {
// anti replay attacks // anti replay attacks
return nil, errors.New("error: authorization code has been used") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "authorization code has been used",
}
} }
if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge { if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
return nil, errors.New("error: incorrect code_verifier") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "verifier is invalid",
}
} }
if application.ClientSecret != clientSecret { if application.ClientSecret != clientSecret {
// when using PKCE, the Client Secret can be empty, // when using PKCE, the Client Secret can be empty,
// but if it is provided, it must be accurate. // but if it is provided, it must be accurate.
if token.CodeChallenge == "" { if token.CodeChallenge == "" {
return nil, errors.New("error: invalid client_secret") return nil, &TokenError{
Error: INVALID_CLIENT,
ErrorDescription: "client_secret is invalid",
}
} else { } else {
if clientSecret != "" { if clientSecret != "" {
return nil, errors.New("error: invalid client_secret") return nil, &TokenError{
Error: INVALID_CLIENT,
ErrorDescription: "client_secret is invalid",
}
} }
} }
} }
if application.Name != token.Application { if application.Name != token.Application {
return nil, errors.New("error: the token is for wrong application (client_id)") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "the token is for wrong application (client_id)",
}
} }
if time.Now().Unix() > token.CodeExpireIn { if time.Now().Unix() > token.CodeExpireIn {
// code must be used within 5 minutes // code must be used within 5 minutes
return nil, errors.New("error: authorization code has expired") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "authorization code has expired",
}
} }
return token, nil return token, nil
} }
// Resource Owner Password Credentials flow // Resource Owner Password Credentials flow
func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, error) { func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, *TokenError) {
user := getUser(application.Organization, username) user := getUser(application.Organization, username)
if user == nil { if user == nil {
return nil, errors.New("error: the user does not exist") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "the user does not exist",
}
} }
msg := CheckPassword(user, password) msg := CheckPassword(user, password)
if msg != "" { if msg != "" {
return nil, errors.New("error: invalid username or password") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "invalid username or password",
}
} }
if user.IsForbidden { if user.IsForbidden {
return nil, errors.New("error: the user is forbidden to sign in, please contact the administrator") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
}
} }
accessToken, refreshToken, err := generateJwtToken(application, user, "", scope, host) accessToken, refreshToken, err := generateJwtToken(application, user, "", scope, host)
if err != nil { if err != nil {
return nil, err return nil, &TokenError{
Error: ENDPOINT_ERROR,
ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
}
} }
token := &Token{ token := &Token{
Owner: application.Owner, Owner: application.Owner,
@ -586,9 +593,12 @@ func GetPasswordToken(application *Application, username string, password string
} }
// Client Credentials flow // Client Credentials flow
func GetClientCredentialsToken(application *Application, clientSecret string, scope string, host string) (*Token, error) { func GetClientCredentialsToken(application *Application, clientSecret string, scope string, host string) (*Token, *TokenError) {
if application.ClientSecret != clientSecret { if application.ClientSecret != clientSecret {
return nil, errors.New("error: invalid client_secret") return nil, &TokenError{
Error: INVALID_CLIENT,
ErrorDescription: "client_secret is invalid",
}
} }
nullUser := &User{ nullUser := &User{
Owner: application.Owner, Owner: application.Owner,
@ -597,7 +607,10 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
} }
accessToken, _, err := generateJwtToken(application, nullUser, "", scope, host) accessToken, _, err := generateJwtToken(application, nullUser, "", scope, host)
if err != nil { if err != nil {
return nil, err return nil, &TokenError{
Error: ENDPOINT_ERROR,
ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
}
} }
token := &Token{ token := &Token{
Owner: application.Owner, Owner: application.Owner,
@ -643,25 +656,37 @@ func GetTokenByUser(application *Application, user *User, scope string, host str
} }
// Wechat Mini Program flow // Wechat Mini Program flow
func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string) (*Token, error) { func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string) (*Token, *TokenError) {
mpProvider := GetWechatMiniProgramProvider(application) mpProvider := GetWechatMiniProgramProvider(application)
if mpProvider == nil { if mpProvider == nil {
return nil, errors.New("error: the application does not support wechat mini program") return nil, &TokenError{
Error: INVALID_CLIENT,
ErrorDescription: "the application does not support wechat mini program",
}
} }
provider := GetProvider(util.GetId(mpProvider.Name)) provider := GetProvider(util.GetId(mpProvider.Name))
mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret) mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
session, err := mpIdp.GetSessionByCode(code) session, err := mpIdp.GetSessionByCode(code)
if err != nil { if err != nil {
return nil, err return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: fmt.Sprintf("get wechat mini program session error: %s", err.Error()),
}
} }
openId, unionId := session.Openid, session.Unionid openId, unionId := session.Openid, session.Unionid
if openId == "" && unionId == "" { if openId == "" && unionId == "" {
return nil, errors.New("err: WeChat's openid and unionid are empty") return nil, &TokenError{
Error: INVALID_REQUEST,
ErrorDescription: "the wechat mini program session is invalid",
}
} }
user := getUserByWechatId(openId, unionId) user := getUserByWechatId(openId, unionId)
if user == nil { if user == nil {
if !application.EnableSignUp { if !application.EnableSignUp {
return nil, errors.New("err: the application does not allow to sign up new account") return nil, &TokenError{
Error: INVALID_GRANT,
ErrorDescription: "the application does not allow to sign up new account",
}
} }
//Add new user //Add new user
var name string var name string
@ -691,7 +716,10 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
accessToken, refreshToken, err := generateJwtToken(application, user, "", "", host) accessToken, refreshToken, err := generateJwtToken(application, user, "", "", host)
if err != nil { if err != nil {
return nil, err return nil, &TokenError{
Error: ENDPOINT_ERROR,
ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
}
} }
token := &Token{ token := &Token{

62
swagger/swagger.json
View File

@ -2194,6 +2194,18 @@
"schema": { "schema": {
"$ref": "#/definitions/object.TokenWrapper" "$ref": "#/definitions/object.TokenWrapper"
} }
},
"400": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
},
"401": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
} }
} }
} }
@ -2285,6 +2297,18 @@
"schema": { "schema": {
"$ref": "#/definitions/object.IntrospectionResponse" "$ref": "#/definitions/object.IntrospectionResponse"
} }
},
"400": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
},
"401": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
} }
} }
} }
@ -2377,6 +2401,18 @@
"schema": { "schema": {
"$ref": "#/definitions/object.TokenWrapper" "$ref": "#/definitions/object.TokenWrapper"
} }
},
"400": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
},
"401": {
"description": "The Response object",
"schema": {
"$ref": "#/definitions/object.TokenError"
}
} }
} }
} }
@ -3063,11 +3099,11 @@
} }
}, },
"definitions": { "definitions": {
"2200.0xc0003c4b70.false": { "2127.0xc000398090.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
"2235.0xc0003c4ba0.false": { "2161.0xc0003980c0.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
@ -3082,6 +3118,9 @@
"content": { "content": {
"type": "string" "type": "string"
}, },
"provider": {
"type": "string"
},
"receivers": { "receivers": {
"type": "array", "type": "array",
"items": { "items": {
@ -3182,10 +3221,10 @@
"type": "object", "type": "object",
"properties": { "properties": {
"data": { "data": {
"$ref": "#/definitions/2200.0xc0003c4b70.false" "$ref": "#/definitions/2127.0xc000398090.false"
}, },
"data2": { "data2": {
"$ref": "#/definitions/2235.0xc0003c4ba0.false" "$ref": "#/definitions/2161.0xc0003980c0.false"
}, },
"msg": { "msg": {
"type": "string" "type": "string"
@ -4209,6 +4248,18 @@
} }
} }
}, },
"object.TokenError": {
"title": "TokenError",
"type": "object",
"properties": {
"error": {
"type": "string"
},
"error_description": {
"type": "string"
}
}
},
"object.TokenWrapper": { "object.TokenWrapper": {
"title": "TokenWrapper", "title": "TokenWrapper",
"type": "object", "type": "object",
@ -4216,9 +4267,6 @@
"access_token": { "access_token": {
"type": "string" "type": "string"
}, },
"error": {
"type": "string"
},
"expires_in": { "expires_in": {
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"

44
swagger/swagger.yml
View File

@ -1435,6 +1435,14 @@ paths:
description: The Response object description: The Response object
schema: schema:
$ref: '#/definitions/object.TokenWrapper' $ref: '#/definitions/object.TokenWrapper'
"400":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
"401":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
/api/login/oauth/code: /api/login/oauth/code:
post: post:
tags: tags:
@ -1497,6 +1505,14 @@ paths:
description: The Response object description: The Response object
schema: schema:
$ref: '#/definitions/object.IntrospectionResponse' $ref: '#/definitions/object.IntrospectionResponse'
"400":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
"401":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
/api/login/oauth/logout: /api/login/oauth/logout:
get: get:
tags: tags:
@ -1559,6 +1575,14 @@ paths:
description: The Response object description: The Response object
schema: schema:
$ref: '#/definitions/object.TokenWrapper' $ref: '#/definitions/object.TokenWrapper'
"400":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
"401":
description: The Response object
schema:
$ref: '#/definitions/object.TokenError'
/api/logout: /api/logout:
post: post:
tags: tags:
@ -2005,10 +2029,10 @@ paths:
- Verification API - Verification API
operationId: ApiController.VerifyCaptcha operationId: ApiController.VerifyCaptcha
definitions: definitions:
2200.0xc0003c4b70.false: 2127.0xc000398090.false:
title: "false" title: "false"
type: object type: object
2235.0xc0003c4ba0.false: 2161.0xc0003980c0.false:
title: "false" title: "false"
type: object type: object
Response: Response:
@ -2020,6 +2044,8 @@ definitions:
properties: properties:
content: content:
type: string type: string
provider:
type: string
receivers: receivers:
type: array type: array
items: items:
@ -2087,9 +2113,9 @@ definitions:
type: object type: object
properties: properties:
data: data:
$ref: '#/definitions/2200.0xc0003c4b70.false' $ref: '#/definitions/2127.0xc000398090.false'
data2: data2:
$ref: '#/definitions/2235.0xc0003c4ba0.false' $ref: '#/definitions/2161.0xc0003980c0.false'
msg: msg:
type: string type: string
name: name:
@ -2776,14 +2802,20 @@ definitions:
type: string type: string
user: user:
type: string type: string
object.TokenError:
title: TokenError
type: object
properties:
error:
type: string
error_description:
type: string
object.TokenWrapper: object.TokenWrapper:
title: TokenWrapper title: TokenWrapper
type: object type: object
properties: properties:
access_token: access_token:
type: string type: string
error:
type: string
expires_in: expires_in:
type: integer type: integer
format: int64 format: int64