_ = require 'lodash'
assert = require 'assert'
co = require 'co'
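module.exports =
  # OAuth2 client settings plus helpers to acquire, verify and attach a bearer token.
  # getToken, verify, validToken and getOpts all use `yield`, so they compile to
  # generator functions and must be driven by the caller (co is required by this file).
  oauth2:
    url:
      # Authorization URL to seek user authorization
      authorize: 'https://abc.com/auth/oauth2/authorize/'
      # URL for verifying token
      verify: 'https://abc.com/auth/oauth2/verify/'
      # URL for acquiring token
      token: 'https://abc.com/auth/oauth2/token/'
    # default grant_type: resource owner password credential grant
    # NOTE(review): this grant makes the service hold the user's password; the
    # OAuth 2.0 Security BCP advises against it -- confirm it is still required.
    grant_type: 'password'
    # NOTE(review): the ids and secrets below are placeholders; supply real values
    # from the environment or an untracked local config, never from this file.
    client:
      # client id for resource owner password credential grant or client credential grant
      id: 'client_id'
      # client secret for resource owner password credential grant or client credential grant
      secret: 'client_secret'
    user:
      # user id for acquiring token via resource owner password credential grant
      id: 'user_id'
      # user secret for acquiring token via resource owner password credential grant
      secret: 'user_secret'
    # required scope for user to authorize or verifying token
    scope: [
      'User'
    ]

    # Acquire a token from the oauth2 server.
    # opts:
    #   url:
    #     token: url to acquire token
    #   grant_type: 'password' adds user.id / user.secret to the form data;
    #     any other value sends only grant_type and scope
    #   client:
    #     id: client id
    #     secret: client secret
    #   user:
    #     id: user id
    #     secret: user secret
    #   scope: ['User', ...]
    # Returns res.body.access_token once api.ok has accepted a 200 response.
    getToken: (opts) ->
      {url, grant_type, client, user, scope} = opts
      # Client credentials travel as request options, not in the form body
      # (presumably HTTP Basic auth -- confirm against sails.config.api).
      reqOpts =
        'Content-Type': 'application/x-www-form-urlencoded'
        username: client.id
        password: client.secret
      data =
        grant_type: grant_type
        scope: scope.join(' ')
      if grant_type == 'password'
        _.extend data,
          username: user.id
          password: user.secret
      api = sails.config.api()
      res = yield api.post url.token, data, reqOpts
      api.ok res, 200
      res.body.access_token

    # Verify a token against the verify url and check that it grants every required scope.
    # opts:
    #   url:
    #     verify: url to verify token
    #   scope: ['User', ...]
    #   token: token to be verified
    # Returns res.body; throws an assertion error when a required scope is missing.
    verify: (opts) ->
      {url, scope, token} = opts
      reqOpts =
        headers:
          Authorization: "Bearer #{token}"
      api = sails.config.api()
      res = yield api.get(url.verify, null, reqOpts)
      api.ok res, 200
      # A response without a scope field grants nothing: fall back to '' so the
      # assertion below reports it instead of a TypeError on undefined.split.
      granted = (res.body.scope ? '').split(' ')
      # Compare by missing entries rather than by length, so a required scope
      # listed twice does not fail a token that actually carries it.
      missing = _.difference scope, granted
      assert missing.length == 0, "Unauthorizated access to #{scope}"
      res.body

    # Return a verified token, acquiring a new one when verification fails.
    # opts:
    #   getToken: function to acquire token
    #   url:
    #     verify: url to verify token
    #   scope: ['User', ...]
    #   token: cached token, if any; overwritten on opts when a new one is acquired
    validToken: (opts) ->
      cond = ->
        not opts.token
      action = -> co ->
        while true
          {getToken} = opts
          try
            yield module.exports.oauth2.verify opts
            return opts.token
          catch err
            # NOTE(review): every error from verify (rejected token, missing scope,
            # transport failure) lands here and triggers a new token request that
            # resends the configured credentials; the loop has no attempt limit or
            # delay, so a persistent failure repeats indefinitely. Consider a bound.
            opts.token = yield getToken opts
      # NOTE(review): the semantics of sails.config.Promise.until are not visible
      # in this file -- confirm how cond and action interact.
      yield sails.config.Promise.until(cond, action).then ->
        opts.token

    # Return request opts carrying the oauth2 bearer token, customized by the caller's opts.
    # Caller-supplied keys override the defaults; caller-supplied headers are merged with
    # the Authorization header rather than replacing it.
    getOpts: (opts) ->
      token = yield module.exports.oauth2.validToken sails.config.oauth2
      # _.extend is shallow: merge headers separately so passing opts.headers
      # no longer drops the bearer token. A caller-supplied Authorization still wins.
      headers = _.extend {Authorization: "Bearer #{token}"}, opts?.headers
      ret =
        # NOTE(review): rejectUnauthorized: false turns off TLS certificate
        # validation on requests that carry the bearer token, so the peer is not
        # authenticated. Prefer trusting the server's CA explicitly; until then
        # callers can pass rejectUnauthorized: true in opts to override this default.
        rejectUnauthorized: false
        headers: headers
      _.extend ret, opts, {headers}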