119 lines
3.0 KiB
Go
119 lines
3.0 KiB
Go
|
package auth
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"encoding/json"
|
||
|
"fmt"
|
||
|
"net/http"
|
||
|
"strings"
|
||
|
"time"
|
||
|
|
||
|
"github.com/google/go-querystring/query"
|
||
|
)
|
||
|
|
||
|
type Auth struct {
|
||
|
client *http.Client
|
||
|
|
||
|
clientId string
|
||
|
clientSecret string
|
||
|
redirectUri string
|
||
|
|
||
|
stateStorage StateStorage
|
||
|
}
|
||
|
|
||
|
func New(clientId string, clientSecret string, redirectUri string) *Auth {
|
||
|
return NewWithClient(clientId, clientSecret, redirectUri, http.DefaultClient)
|
||
|
}
|
||
|
|
||
|
func NewWithClient(clientId string, clientSecret string, redirectUri string, client *http.Client) *Auth {
|
||
|
return &Auth{
|
||
|
client: client,
|
||
|
|
||
|
clientId: clientId,
|
||
|
clientSecret: clientSecret,
|
||
|
redirectUri: redirectUri,
|
||
|
|
||
|
stateStorage: NewHttpCookieStateStorage(StateStorageCookie),
|
||
|
}
|
||
|
}
|
||
|
|
||
|
const TokenUrl = "https://id.twitch.tv/oauth2/token"
|
||
|
|
||
|
type GetTokenParams struct {
|
||
|
ClientId string `url:"client_id"`
|
||
|
ClientSecret string `url:"client_secret"`
|
||
|
Code string `url:"code"`
|
||
|
GrantType string `url:"grant_type"`
|
||
|
RedirectUri string `url:"redirect_uri"`
|
||
|
}
|
||
|
|
||
|
// GetToken exchanges an authorization code or refresh token for an access token.
|
||
|
func (a *Auth) GetToken(ctx context.Context, params *GetTokenParams) (*Token, error) {
|
||
|
v, err := query.Values(params)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, TokenUrl, strings.NewReader(v.Encode()))
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||
|
|
||
|
res, err := a.client.Do(req)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
defer res.Body.Close()
|
||
|
|
||
|
statusOK := res.StatusCode >= 200 && res.StatusCode < 300
|
||
|
if !statusOK {
|
||
|
return nil, fmt.Errorf("failed to get token (%d)", res.StatusCode)
|
||
|
}
|
||
|
|
||
|
var token Token
|
||
|
if err := json.NewDecoder(res.Body).Decode(&token); err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
token.Expiry = time.Now().Add(time.Duration(token.ExpiresIn) * time.Second)
|
||
|
|
||
|
return &token, nil
|
||
|
}
|
||
|
|
||
|
// GetTokenFromCode exchanges an authorization code for an access token.
|
||
|
//
|
||
|
// https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-grant-flow
|
||
|
func (a *Auth) GetTokenFromCode(ctx context.Context, code string) (*Token, error) {
|
||
|
return a.GetToken(ctx, &GetTokenParams{
|
||
|
ClientId: a.clientId,
|
||
|
ClientSecret: a.clientSecret,
|
||
|
Code: code,
|
||
|
GrantType: "authorization_code",
|
||
|
RedirectUri: a.redirectUri,
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// RefreshToken exchanges a refresh token for an access token.
|
||
|
//
|
||
|
// https://dev.twitch.tv/docs/authentication/refresh-tokens/
|
||
|
func (a *Auth) RefreshToken(ctx context.Context, token *Token) (*Token, error) {
|
||
|
return a.GetToken(ctx, &GetTokenParams{
|
||
|
ClientId: a.clientId,
|
||
|
ClientSecret: a.clientSecret,
|
||
|
Code: token.RefreshToken,
|
||
|
GrantType: "refresh_token",
|
||
|
RedirectUri: a.redirectUri,
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// WithStateStorage sets the instance's state storage,
|
||
|
// which is used to store the state parameter between requests.
|
||
|
//
|
||
|
// By default, the http cookie state storage is used.
|
||
|
func (a *Auth) WithStateStorage(storage StateStorage) *Auth {
|
||
|
a.stateStorage = storage
|
||
|
|
||
|
return a
|
||
|
}
|