Add convenience function to authenticate using OAuth2.

This is required for users who have 2-factor authentication enabled, and is generally safer because users don't need to give their password to third-party software.
This commit is contained in:
Ben Lubar 2018-11-21 22:38:04 -06:00 committed by mattn
parent 2ebf34adae
commit c5945152ec
2 changed files with 49 additions and 10 deletions

21
apps.go
View File

@ -18,7 +18,9 @@ type AppConfig struct {
// Where the user should be redirected after authorization (for no redirect, use urn:ietf:wg:oauth:2.0:oob)
RedirectURIs string
// This can be a space-separated list of the following items: "read", "write" and "follow".
// This can be a space-separated list of items listed on the /settings/applications/new page of any Mastodon
// instance. "read", "write", and "follow" are top-level scopes that include all the permissions of the more
// specific scopes like "read:favourites", "write:statuses", and "write:follows".
Scopes string
// Optional.
@ -31,6 +33,9 @@ type Application struct {
RedirectURI string `json:"redirect_uri"`
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
// AuthURI is not part of the Mastodon API; it is generated by go-mastodon.
AuthURI string `json:"auth_uri,omitempty"`
}
// RegisterApp returns the mastodon application.
@ -73,5 +78,19 @@ func RegisterApp(ctx context.Context, appConfig *AppConfig) (*Application, error
return nil, err
}
u, err = url.Parse(appConfig.Server)
if err != nil {
return nil, err
}
u.Path = path.Join(u.Path, "/oauth/authorize")
u.RawQuery = url.Values{
"scope": {appConfig.Scopes},
"response_type": {"code"},
"redirect_uri": {app.RedirectURI},
"client_id": {app.ClientID},
}.Encode()
app.AuthURI = u.String()
return &app, nil
}

View File

@ -130,14 +130,34 @@ func NewClient(config *Config) *Client {
// Authenticate get access-token to the API.
func (c *Client) Authenticate(ctx context.Context, username, password string) error {
params := url.Values{}
params.Set("client_id", c.config.ClientID)
params.Set("client_secret", c.config.ClientSecret)
params.Set("grant_type", "password")
params.Set("username", username)
params.Set("password", password)
params.Set("scope", "read write follow")
params := url.Values{
"client_id": {c.config.ClientID},
"client_secret": {c.config.ClientSecret},
"grant_type": {"password"},
"username": {username},
"password": {password},
"scope": {"read write follow"},
}
return c.authenticate(ctx, params)
}
// AuthenticateToken logs in using a grant token returned by Application.AuthURI.
//
// redirectURI should be the same as Application.RedirectURI.
func (c *Client) AuthenticateToken(ctx context.Context, authCode, redirectURI string) error {
params := url.Values{
"client_id": {c.config.ClientID},
"client_secret": {c.config.ClientSecret},
"grant_type": {"authorization_code"},
"code": {authCode},
"redirect_uri": {redirectURI},
}
return c.authenticate(ctx, params)
}
func (c *Client) authenticate(ctx context.Context, params url.Values) error {
u, err := url.Parse(c.config.Server)
if err != nil {
return err
@ -160,9 +180,9 @@ func (c *Client) Authenticate(ctx context.Context, username, password string) er
return parseAPIError("bad authorization", resp)
}
res := struct {
var res struct {
AccessToken string `json:"access_token"`
}{}
}
err = json.NewDecoder(resp.Body).Decode(&res)
if err != nil {
return err