Merge pull request #38 from dbalduini/break-client-auth

Break client auth

Author: tsuyoshizawa

play2-oauth2-provider/src/main/scala/scalaoauth2/provider/OAuth2Provider.scala

@@ -110,16 +110,16 @@ trait OAuth2BaseProvider extends Results {
 trait OAuth2Provider extends OAuth2BaseProvider {
 
   /**
-   * Issue access token in DataHandler process and return the response to client.
+   * Issue access token in AuthorizationHandler process and return the response to client.
    *
-   * @param dataHandler Implemented DataHander for register access token to your system.
+   * @param handler Implemented AuthorizationHandler for register access token to your system.
    * @param request Playframework is provided HTTP request interface.
    * @tparam A play.api.mvc.Request has type.
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U], timeout: Duration = 60.seconds)(implicit request: Request[A]): Result = {
-    val f = tokenEndpoint.handleRequest(request, dataHandler).map {
+  def issueAccessToken[A, U](handler: AuthorizationHandler[U], timeout: Duration = 60.seconds)(implicit request: Request[A]): Result = {
+    val f = tokenEndpoint.handleRequest(request, handler).map {
       case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
@@ -129,17 +129,17 @@ trait OAuth2Provider extends OAuth2BaseProvider {
   }
 
   /**
-   * Authorize to already created access token in DataHandler process and return the response to client.
+   * Authorize to already created access token in ProtectedResourceHandler process and return the response to client.
    *
-   * @param dataHandler Implemented DataHander for authenticate to your system.
+   * @param handler Implemented ProtectedResourceHandler for authenticate to your system.
    * @param callback Callback is called when authentication is successful.
    * @param request Playframework is provided HTTP request interface.
    * @tparam A play.api.mvc.Request has type.
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U], timeout: Duration = 60.seconds)(callback: AuthInfo[U] => Result)(implicit request: Request[A]): Result = {
-    val f = protectedResource.handleRequest(request, dataHandler).map {
+  def authorize[A, U](handler: ProtectedResourceHandler[U], timeout: Duration = 60.seconds)(callback: AuthInfo[U] => Result)(implicit request: Request[A]): Result = {
+    val f = protectedResource.handleRequest(request, handler).map {
       case Left(e) if e.statusCode == 400 => BadRequest.withHeaders(responseOAuthErrorHeader(e))
       case Left(e) if e.statusCode == 401 => Unauthorized.withHeaders(responseOAuthErrorHeader(e))
       case Right(authInfo) => callback(authInfo)
@@ -183,34 +183,34 @@ trait OAuth2Provider extends OAuth2BaseProvider {
 trait OAuth2AsyncProvider extends OAuth2BaseProvider {
 
   /**
-   * Issue access token in DataHandler process and return the response to client.
+   * Issue access token in AuthorizationHandler process and return the response to client.
    *
-   * @param dataHandler Implemented DataHander for register access token to your system.
+   * @param handler Implemented AuthorizationHandler for register access token to your system.
    * @param request Playframework is provided HTTP request interface.
    * @tparam A play.api.mvc.Request has type.
    * @return Request is successful then return JSON to client in OAuth 2.0 format.
    *         Request is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def issueAccessToken[A, U](dataHandler: DataHandler[U])(implicit request: Request[A]): Future[Result] = {
-    tokenEndpoint.handleRequest(request, dataHandler).map {
+  def issueAccessToken[A, U](handler: AuthorizationHandler[U])(implicit request: Request[A]): Future[Result] = {
+    tokenEndpoint.handleRequest(request, handler).map {
       case Left(e) if e.statusCode == 400 => BadRequest(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Left(e) if e.statusCode == 401 => Unauthorized(responseOAuthErrorJson(e)).withHeaders(responseOAuthErrorHeader(e))
       case Right(r) => Ok(Json.toJson(responseAccessToken(r))).withHeaders("Cache-Control" -> "no-store", "Pragma" -> "no-cache")
     }
   }
 
   /**
-   * Authorize to already created access token in DataHandler process and return the response to client.
+   * Authorize to already created access token in ProtectedResourceHandler process and return the response to client.
    *
-   * @param dataHandler Implemented DataHander for authenticate to your system.
+   * @param handler Implemented ProtectedResourceHandler for authenticate to your system.
    * @param callback Callback is called when authentication is successful.
    * @param request Playframework is provided HTTP request interface.
    * @tparam A play.api.mvc.Request has type.
    * @return Authentication is successful then the response use your API result.
    *         Authentication is failed then return BadRequest or Unauthorized status to client with cause into the JSON.
    */
-  def authorize[A, U](dataHandler: DataHandler[U])(callback: AuthInfo[U] => Future[Result])(implicit request: Request[A]): Future[Result] = {
-    protectedResource.handleRequest(request, dataHandler).flatMap {
+  def authorize[A, U](handler: ProtectedResourceHandler[U])(callback: AuthInfo[U] => Future[Result])(implicit request: Request[A]): Future[Result] = {
+    protectedResource.handleRequest(request, handler).flatMap {
       case Left(e) if e.statusCode == 400 => Future.successful(BadRequest.withHeaders(responseOAuthErrorHeader(e)))
       case Left(e) if e.statusCode == 401 => Future.successful(Unauthorized.withHeaders(responseOAuthErrorHeader(e)))
       case Right(authInfo) => callback(authInfo)

project/Build.scala

@@ -4,7 +4,7 @@ import Keys._
 object ScalaOAuth2Build extends Build {
 
   lazy val _organization = "com.nulab-inc"
-  lazy val _version =  "0.10.0"
+  lazy val _version =  "0.11.0-SNAPSHOT"
   lazy val _playVersion = "2.3.4"
 
   val _scalaVersion = "2.10.4"

scala-oauth2-core/src/main/scala/scalaoauth2/provider/AuthorizationHandler.scala

@@ -0,0 +1,125 @@
+package scalaoauth2.provider
+
+import scala.concurrent.Future
+
+/**
+ * Provide <b>Authorization</b> phases support for using OAuth 2.0.
+ *
+ * <h3>[Authorization phases]</h3>
+ * 
+ * <h4>Authorization Code Grant</h4>
+ * <ul>
+ *   <li>validateClient(clientCredential, grantType)</li>
+ *   <li>findAuthInfoByCode(code)</li>
+ *   <li>getStoredAccessToken(authInfo)</li>
+ *   <li>isAccessTokenExpired(token)</li>
+ *   <li>refreshAccessToken(authInfo, token)
+ *   <li>createAccessToken(authInfo)</li>
+ * </ul>
+ * 
+ * <h4>Refresh Token Grant</h4>
+ * <ul>
+ *   <li>validateClient(clientCredential, grantType)</li>
+ *   <li>findAuthInfoByRefreshToken(refreshToken)</li>
+ *   <li>refreshAccessToken(authInfo, refreshToken)</li>
+ * </ul>
+ * 
+ * <h4>Resource Owner Password Credentials Grant</h4>
+ * <ul>
+ *   <li>validateClient(clientCredential, grantType)</li>
+ *   <li>findUser(username, password)</li>
+ *   <li>getStoredAccessToken(authInfo)</li>
+ *   <li>isAccessTokenExpired(token)</li>
+ *   <li>refreshAccessToken(authInfo, token)
+ *   <li>createAccessToken(authInfo)</li>
+ * </ul>
+ * 
+ * <h4>Client Credentials Grant</h4>
+ * <ul>
+ *   <li>validateClient(clientCredential, grantType)</li>
+ *   <li>findClientUser(clientCredential)</li>
+ *   <li>getStoredAccessToken(authInfo)</li>
+ *   <li>isAccessTokenExpired(token)</li>
+ *   <li>refreshAccessToken(authInfo, token)
+ *   <li>createAccessToken(authInfo)</li>
+ * </ul>
+ *
+ */
+trait AuthorizationHandler[U] {
+
+  /**
+   * Verify proper client with parameters for issue an access token.
+   *
+   * @param clientCredential Client sends clientId and clientSecret which are registered by application.
+   * @param grantType Client sends this value which is registered by application.
+   * @return true if request is a regular client, false if request is a illegal client.
+   */
+  def validateClient(clientCredential: ClientCredential, grantType: String): Future[Boolean]
+
+  /**
+   * Find userId with username and password these are used on your system.
+   * If you don't support Resource Owner Password Credentials Grant then doesn't need implementing.
+   *
+   * @param username Client sends this value which is used on your system.
+   * @param password Client sends this value which is used on your system.
+   * @return Including UserId to Option if could find the user, None if couldn't find.
+   */
+  def findUser(username: String, password: String): Future[Option[U]]
+
+  /**
+   * Creates a new access token by authorized information.
+   *
+   * @param authInfo This value is already authorized by system.
+   * @return Access token returns to client.
+   */
+  def createAccessToken(authInfo: AuthInfo[U]): Future[AccessToken]
+
+  /**
+   * Returns stored access token by authorized information.
+   *
+   * If want to create new access token then have to return None
+   *
+   * @param authInfo This value is already authorized by system.
+   * @return Access token returns to client.
+   */
+  def getStoredAccessToken(authInfo: AuthInfo[U]): Future[Option[AccessToken]]
+
+  /**
+   * Creates a new access token by refreshToken.
+   *
+   * @param authInfo This value is already authorized by system.
+   * @return Access token returns to client.
+   */
+  def refreshAccessToken(authInfo: AuthInfo[U], refreshToken: String): Future[AccessToken]
+
+  /**
+   * Find authorized information by authorization code.
+   *
+   * If you don't support Authorization Code Grant then doesn't need implementing.
+   *
+   * @param code Client sends authorization code which is registered by system.
+   * @return Return authorized information that matched the code.
+   */
+  def findAuthInfoByCode(code: String): Future[Option[AuthInfo[U]]]
+
+  /**
+   * Find authorized information by refresh token.
+   *
+   * If you don't support Refresh Token Grant then doesn't need implementing.
+   *
+   * @param refreshToken Client sends refresh token which is created by system.
+   * @return Return authorized information that matched the refresh token.
+   */
+  def findAuthInfoByRefreshToken(refreshToken: String): Future[Option[AuthInfo[U]]]
+
+  /**
+   * Find user by clientId and clientSecret.
+   *
+   * If you don't support Client Credentials Grant then doesn't need implementing.
+   *
+   * @param clientCredential Client sends clientId and clientSecret which are registered by application.
+   * @return Return user that matched both values.
+   */
+  def findClientUser(clientCredential: ClientCredential, scope: Option[String]): Future[Option[U]]
+
+}