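package oauth2

import (
	"crypto/subtle"
	"errors"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/sessions"
)

// Errors returned by ValidateChallenge. The messages are byte-identical to the
// ones previously built inline; they are now package-level sentinels so callers
// can distinguish the failure modes with errors.Is instead of matching strings.
var (
	// ErrNoContinuation: a challenge was presented but the session holds no
	// "continuation" value to check it against.
	ErrNoContinuation = errors.New("dont have a matchting continuation in storage")
	// ErrNoClientID: a challenge was presented but the session holds no
	// "client_id" value, so the caller cannot be tied to the continuation.
	ErrNoClientID = errors.New("if you we're challenged, i need to know you")
	// ErrClientMismatch: the client ID supplied by the caller differs from the
	// one stored in the session.
	ErrClientMismatch = errors.New("not the right client")
	// ErrChallengeMismatch: the presented challenge differs from the stored
	// continuation.
	ErrChallengeMismatch = errors.New("challenge mismatch")
	// ErrChallengeRequired: the session is waiting for a challenge but the
	// request did not present one.
	ErrChallengeRequired = errors.New("you need to challenge me")
)

// getChallenge reads the "challenge" query parameter from the request.
// The second result reports whether the parameter was present at all.
// NOTE(review): gin presumably reports a present-but-empty parameter
// ("?challenge=") as ok=true with an empty string — confirm if an empty
// challenge must be rejected explicitly.
func getChallenge(ctx *gin.Context) (string, bool) {
	return ctx.GetQuery("challenge")
}

// getContinuation returns the "continuation" value stored in the session.
// The two-result type assertion yields ("", false) — never a panic — when the
// key is absent or the stored value is not a string.
func getContinuation(session *sessions.Session) (string, bool) {
	continuation, ok := session.Values["continuation"].(string)
	return continuation, ok
}

// getClientID returns the "client_id" value stored in the session.
// As with getContinuation, a missing key or a non-string value yields
// ("", false) without panicking.
func getClientID(session *sessions.Session) (string, bool) {
	clientID, ok := session.Values["client_id"].(string)
	return clientID, ok
}

// ValidateChallenge checks the "challenge" query parameter of the request
// against the continuation stored in the session for givenClientID.
//
// The rules, in the order they are evaluated:
//   - No challenge in the request and no continuation in the session: nil.
//   - No challenge in the request but a continuation in the session:
//     ErrChallengeRequired.
//   - Challenge present but no continuation in the session: ErrNoContinuation.
//   - Challenge present but no client_id in the session: ErrNoClientID.
//   - givenClientID differs from the session's client_id: ErrClientMismatch.
//   - Challenge differs from the stored continuation: ErrChallengeMismatch.
//
// The continuation is treated as a bearer secret, so the final comparison is
// constant-time. Nothing here removes the continuation from the session: the
// same challenge validates again until the caller clears it, which the caller
// is presumably expected to do after a successful check — confirm at the call
// site.
func ValidateChallenge(ctx *gin.Context, givenClientID string, session *sessions.Session) error {
	givenChallenge, wasGivenChallenge := getChallenge(ctx)
	sessionChallenge, haveContinuation := getContinuation(session)
	sessionClientID, haveClientID := getClientID(session)

	if !wasGivenChallenge {
		// No challenge presented: acceptable only if the session is not
		// waiting for one.
		if haveContinuation {
			return ErrChallengeRequired
		}
		return nil
	}

	if !haveContinuation {
		return ErrNoContinuation
	}
	if !haveClientID {
		return ErrNoClientID
	}
	// The client ID is not a secret; a plain comparison is fine here.
	if givenClientID != sessionClientID {
		return ErrClientMismatch
	}
	// Constant-time compare so the byte position of the first mismatch is not
	// observable through response timing. ConstantTimeCompare returns 1 only
	// when both length and content match.
	if subtle.ConstantTimeCompare([]byte(givenChallenge), []byte(sessionChallenge)) != 1 {
		return ErrChallengeMismatch
	}
	return nil
}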