
package org.http4k.security
import org.http4k.core.HttpHandler
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.TEMPORARY_REDIRECT
import org.http4k.core.toParameters
import org.http4k.security.openid.IdToken
import org.http4k.security.openid.IdTokenConsumer
/**
 * Handles the redirect back to the application at the end of an OAuth authorization-code flow.
 *
 * A request is accepted only when it carries a `code` query parameter and the `csrf` entry inside the
 * `state` query parameter equals the value returned by `oAuthPersistence.retrieveCsrf(request)`.
 * On success the access token is handed to `oAuthPersistence.assignToken` together with a
 * 307 redirect whose `Location` is the `uri` entry of `state` (or `/` when that entry is absent).
 * Every other outcome returns `oAuthPersistence.authFailureResponse()`.
 *
 * NOTE(review): the redirect target is read from the `state` query parameter and is not validated in
 * this class. It is only used after the `csrf` entry of the same `state` value has matched, so its
 * safety depends on whatever builds `state` writing a same-origin path there; confirm that in the
 * code that starts the flow.
 *
 * NOTE(review): an `id_token` query parameter is passed to the [IdTokenConsumer] before the code is
 * exchanged. Whether the consumer verifies the token (signature, nonce, audience) is not visible
 * here; verify against the configured implementation.
 */
class OAuthCallback(
    private val oAuthPersistence: OAuthPersistence,
    private val idTokenConsumer: IdTokenConsumer,
    private val accessTokenFetcher: AccessTokenFetcher
) : HttpHandler {

    /**
     * Validates the callback [request], exchanges the authorization code and returns the response
     * produced by the persistence layer.
     *
     * @param request the incoming callback request; `code`, `state` and `id_token` are read from its query.
     * @return the response from `assignToken` on success, otherwise `authFailureResponse()`.
     */
    override fun invoke(request: Request): Response {
        // No authorization code: nothing to exchange.
        val code = request.query("code") ?: return oAuthPersistence.authFailureResponse()

        // `state` is decoded as a parameter list; a missing `state` behaves like an empty one.
        val stateParameters = request.query("state")?.toParameters() ?: emptyList()

        val presentedCsrf = stateParameters
            .find { entry -> entry.first == "csrf" }
            ?.second
            ?.let { CrossSiteRequestForgeryToken(it) }
            ?: return oAuthPersistence.authFailureResponse()

        // The token echoed in `state` must equal the one persisted for this request.
        // NOTE(review): this is a plain `==` comparison, not a constant-time one.
        if (presentedCsrf != oAuthPersistence.retrieveCsrf(request)) {
            return oAuthPersistence.authFailureResponse()
        }

        // An ID token delivered directly on the authorization response is consumed before the exchange.
        request.query("id_token")?.let { rawIdToken ->
            idTokenConsumer.consumeFromAuthorizationResponse(IdToken(rawIdToken))
        }

        val tokenDetails = accessTokenFetcher.fetch(code)
            ?: return oAuthPersistence.authFailureResponse()

        tokenDetails.idToken?.let { idTokenConsumer.consumeFromAccessTokenResponse(it) }

        // Send the user to the `uri` recorded in `state`, defaulting to the root path.
        val originalUri = stateParameters.find { entry -> entry.first == "uri" }?.second ?: "/"
        val redirect = Response(TEMPORARY_REDIRECT).header("Location", originalUri)

        return oAuthPersistence.assignToken(request, redirect, tokenDetails.accessToken)
    }
}