...

Source file src/github.com/ory/fosite/authorize_write.go

Documentation: github.com/ory/fosite

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package fosite
    23  
    24  import (
    25  	"net/http"
    26  )
    27  
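// WriteAuthorizeResponse writes the outcome of an authorization request to rw.
// The response mode reported by ar decides how the parameters in resp are
// delivered to the client's redirect URI:
//
//   - form_post: an HTML page that posts the parameters to the redirect URI
//   - query (and the default mode): a redirect with the parameters in the query
//   - fragment: a redirect with the parameters in the URI fragment
//   - any other mode: delegated to the configured ResponseModeHandler, if it
//     reports support for that mode
//
// Headers carried by resp are copied onto the response first. Cache-Control
// and Pragma are forced afterwards, so a responder header cannot re-enable
// caching of a response that carries authorization parameters.
func (f *Fosite) WriteAuthorizeResponse(rw http.ResponseWriter, ar AuthorizeRequester, resp AuthorizeResponder) {
	// Set custom headers, e.g. "X-MySuperCoolCustomHeader" or "X-DONT-CACHE-ME"...
	wh := rw.Header()
	rh := resp.GetHeader()
	for k := range rh {
		// Only the first value of each responder header is carried over.
		wh.Set(k, rh.Get(k))
	}

	// Written after the custom headers on purpose: these two always win.
	wh.Set("Cache-Control", "no-store")
	wh.Set("Pragma", "no-cache")

	redir := ar.GetRedirectURI()
	switch rm := ar.GetResponseMode(); rm {
	case ResponseModeFormPost:
		// form_post
		// Set, not Add: a Content-Type copied from the responder headers above
		// must not end up next to this one, or the HTML form would be served
		// with two conflicting Content-Type values.
		wh.Set("Content-Type", "text/html;charset=UTF-8")
		WriteAuthorizeFormPostResponse(redir.String(), resp.GetParameters(), GetPostFormHTMLTemplate(*f), rw)
		return
	case ResponseModeQuery, ResponseModeDefault:
		// Explicit grants
		// Work on a copy so the response parameters are not written back into
		// the URL object owned by the request; anything that reads
		// ar.GetRedirectURI() afterwards still sees the URI as registered.
		target := *redir
		q := target.Query()
		rq := resp.GetParameters()
		for k := range rq {
			q.Set(k, rq.Get(k))
		}
		target.RawQuery = q.Encode()
		sendRedirect(target.String(), rw)
		return
	case ResponseModeFragment:
		// Implicit grants
		// The endpoint URI MUST NOT include a fragment component, so any
		// fragment is dropped on a copy before the parameters are appended.
		target := *redir
		target.Fragment = ""

		u := target.String()
		fr := resp.GetParameters()
		if len(fr) > 0 {
			u = u + "#" + fr.Encode()
		}
		sendRedirect(u, rw)
		return
	default:
		if f.ResponseModeHandler().ResponseModes().Has(rm) {
			f.ResponseModeHandler().WriteAuthorizeResponse(rw, ar, resp)
			return
		}
		// NOTE(review): when no handler claims rm, nothing further is written
		// here; only the headers set above are in place. Presumably the
		// response mode is validated before this point - confirm against the
		// callers.
	}
}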
    75  
// sendRedirect answers with 303 See Other and points the user-agent at url
// through the Location header.
//
// RFC 6749, section 4.1.1 (https://tools.ietf.org/html/rfc6749#section-4.1.1):
// when a decision is established, the authorization server directs the
// user-agent to the provided client redirection URI using an HTTP redirection
// response, or by other means available to it via the user-agent.
//
// url is placed in the header exactly as given; no validation of the target
// happens in this function.
func sendRedirect(url string, rw http.ResponseWriter) {
	headers := rw.Header()
	headers.Set("Location", url)
	rw.WriteHeader(http.StatusSeeOther)
}
    85  
