Granada  1.54.0
Structured layer on top of C++ REST SDK for building server applications in C++. Granada implements sessions, server side plug-in framework, C++ OAuth 2.0 server, data storage access, server script running, server browsing.
granada::http::oauth2::OAuth2Authorization Class Reference

#include <oauth2.h>

Inheritance diagram for granada::http::oauth2::OAuth2Authorization:
Base class: granada::http::oauth2::OAuth2Entity. Derived classes: granada::http::oauth2::MapOAuth2Authorization, granada::http::oauth2::RedisOAuth2Authorization.

Public Member Functions

 OAuth2Authorization ()
 
 OAuth2Authorization (const granada::http::oauth2::OAuth2Parameters &oauth2_parameters, granada::http::session::SessionFactory *session_factory)
 
virtual granada::http::oauth2::OAuth2Parameters Grant (web::http::http_request &request, web::http::http_response &response)
 
virtual web::json::value Information ()
 
virtual web::json::value Delete ()
 
Public Member Functions inherited from granada::http::oauth2::OAuth2Entity
virtual granada::cache::CacheHandler cache ()

virtual granada::crypto::Cryptograph cryptograph ()

virtual granada::crypto::NonceGenerator nonce_generator ()
 
virtual const bool Exists ()
 
virtual void Load ()
 
virtual void Load (const std::string &identifier)
 

Protected Member Functions

virtual void LoadProperties ()
 
virtual const std::string hash () override
 
virtual void CheckClient (std::unique_ptr< granada::http::oauth2::OAuth2Client > &oauth2_client, granada::http::oauth2::OAuth2Parameters &oauth2_response)
 
virtual void CheckCredentials (granada::http::oauth2::OAuth2Client *oauth2_client, std::unique_ptr< granada::http::oauth2::OAuth2User > &oauth2_user, std::unique_ptr< granada::http::oauth2::OAuth2Code > &oauth2_code, std::unique_ptr< granada::http::session::Session > &oauth2_user_session, granada::http::oauth2::OAuth2Parameters &oauth2_response, web::http::http_request &request, web::http::http_response &response)
 
virtual void CreateCode (std::unique_ptr< granada::http::session::Session > &oauth2_user_session, std::unique_ptr< granada::http::oauth2::OAuth2Code > &oauth2_code, granada::http::oauth2::OAuth2User *oauth2_user, granada::http::oauth2::OAuth2Parameters &oauth2_response, web::http::http_request &request, web::http::http_response &response)
 
virtual void CreateAccessToken (std::vector< std::string > &roles, std::unique_ptr< granada::http::session::Session > &oauth2_user_session, granada::http::oauth2::OAuth2User *oauth2_user, std::unique_ptr< granada::http::oauth2::OAuth2Code > &oauth2_code, granada::http::oauth2::OAuth2Parameters &oauth2_response, web::http::http_request &request, web::http::http_response &response)
 
virtual void CreateRefreshToken (granada::http::session::Session *oauth2_client_session, std::unique_ptr< granada::http::oauth2::OAuth2Code > &oauth2_code, granada::http::oauth2::OAuth2Parameters &oauth2_response)
 
virtual bool CheckRoleAllowance (std::vector< std::string > &roles, granada::http::oauth2::OAuth2Client *oauth2_client, granada::http::oauth2::OAuth2User *oauth2_user)
 
virtual void AssignRolesToClientSession (std::vector< std::string > &roles, const web::json::value &user_roles, granada::http::session::Session *oauth2_client_session)
 
virtual void AssignRolesToOAuth2UserSession (std::unique_ptr< granada::http::session::Session > &oauth2_user_session, const web::json::value &user_roles, web::http::http_request &request, web::http::http_response &response)
 
virtual granada::http::oauth2::OAuth2Factory * factory ()

virtual granada::http::session::SessionFactory * session_factory ()
 

Protected Attributes

granada::http::session::SessionFactory * session_factory_
 
granada::http::oauth2::OAuth2Parameters oauth2_parameters_
 

Static Protected Attributes

static std::string cache_namespace_
 
static bool oauth2_use_refresh_token_
 

Detailed Description

Authorizes a client. Supports the Authorization Code Grant and the Implicit Grant.

Constructor & Destructor Documentation

granada::http::oauth2::OAuth2Authorization::OAuth2Authorization ( )
inline

Constructor. Loads properties.

granada::http::oauth2::OAuth2Authorization::OAuth2Authorization ( const granada::http::oauth2::OAuth2Parameters &  oauth2_parameters,
granada::http::session::SessionFactory *  session_factory 
)
inline

Constructor. Loads properties.

Member Function Documentation

virtual void granada::http::oauth2::OAuth2Authorization::AssignRolesToClientSession ( std::vector< std::string > &  roles,
const web::json::value &  user_roles,
granada::http::session::Session *  oauth2_client_session 
)
protected virtual

Assigns a number of roles to a client session and fills the properties of those roles from the properties of the user's roles.

Parameters
roles: Roles manage permissions over a certain resource. Example: the "msg.insert" role allows the owner of the session to create the user's messages.
oauth2_user: OAuth 2.0 user.
oauth2_client_session: Session of the OAuth 2.0 client used to access the user's resources.
virtual void granada::http::oauth2::OAuth2Authorization::AssignRolesToOAuth2UserSession ( std::unique_ptr< granada::http::session::Session > &  oauth2_user_session,
const web::json::value &  user_roles,
web::http::http_request &  request,
web::http::http_response &  response 
)
protected virtual

Once a user logs into the authorization server, a session is created. This session is used so that the user does not have to log in each time a client requests authorization over his resources. The session has to contain the user's roles (permissions) and their properties so that they can then be given to the client if requested.

Parameters
oauth2_user_session: The session of the user logged into the authorization server.
oauth2_user: OAuth 2.0 user. Used to get the roles and their properties and give them to the session.
request: HTTP request.
response: HTTP response.
virtual void granada::http::oauth2::OAuth2Authorization::CheckClient ( std::unique_ptr< granada::http::oauth2::OAuth2Client > &  oauth2_client,
granada::http::oauth2::OAuth2Parameters &  oauth2_response 
)
protected virtual

Checks the validity of a client based on the client URI and the client id. If something is wrong, reports it in oauth2_response by filling in the error and error_description members.

Parameters
oauth2_client: OAuth 2.0 client.
oauth2_response: OAuth 2.0 parameters.
virtual void granada::http::oauth2::OAuth2Authorization::CheckCredentials ( granada::http::oauth2::OAuth2Client *  oauth2_client,
std::unique_ptr< granada::http::oauth2::OAuth2User > &  oauth2_user,
std::unique_ptr< granada::http::oauth2::OAuth2Code > &  oauth2_code,
std::unique_ptr< granada::http::session::Session > &  oauth2_user_session,
granada::http::oauth2::OAuth2Parameters &  oauth2_response,
web::http::http_request &  request,
web::http::http_response &  response 
)
protected virtual

Checks the validity of the provided code, client credentials or user credentials, depending on the grant type and the provided credentials. If something is wrong, reports it in oauth2_response by filling in the error and error_description members.

Parameters
oauth2_client: OAuth 2.0 client. Used in case we need to check client credentials.
oauth2_user: OAuth 2.0 user. Used in case we need to check user credentials.
oauth2_code: OAuth 2.0 code. Used in case a code has been provided and we need to check its validity.
oauth2_user_session: Session. If the user has already provided his credentials before, he is already "logged" into our system, so we do not try to validate his credentials; instead we check that his session is valid and retrieve the username from the session properties.
oauth2_response: OAuth 2.0 parameters containing the response: error, code or access token.
request: HTTP request.
response: HTTP response.
virtual bool granada::http::oauth2::OAuth2Authorization::CheckRoleAllowance ( std::vector< std::string > &  roles,
granada::http::oauth2::OAuth2Client *  oauth2_client,
granada::http::oauth2::OAuth2User *  oauth2_user 
)
protected virtual

Checks whether the requested code or token is allowed to have the requested scope or level of access to the user's resources. In terms of server sessions: whether they are allowed to have the requested roles. This function checks that the client is allowed to have the requested role AND that the user is allowed to authorize the client to have it.

Parameters
roles: Roles manage permissions over a certain resource. Example: the "msg.insert" role allows the owner of the session to create the user's messages.
oauth2_client: OAuth 2.0 client.
oauth2_user: OAuth 2.0 user.
Returns
True if the client is allowed to have the requested roles and the user can authorize the client to have them.
virtual void granada::http::oauth2::OAuth2Authorization::CreateAccessToken ( std::vector< std::string > &  roles,
std::unique_ptr< granada::http::session::Session > &  oauth2_user_session,
granada::http::oauth2::OAuth2User *  oauth2_user,
std::unique_ptr< granada::http::oauth2::OAuth2Code > &  oauth2_code,
granada::http::oauth2::OAuth2Parameters &  oauth2_response,
web::http::http_request &  request,
web::http::http_response &  response 
)
protected virtual

Creates a token that gives limited access to some of the user's resources. If something goes wrong, reports it in oauth2_response by filling in the error and error_description members.

Parameters
roles: Roles we want to give to the "token" (in fact the session holds the roles, not the token).
oauth2_user_session: The session of the user logged into the authorization server.
oauth2_user: OAuth 2.0 user. Used to get the roles of a user to store them as a maximum scope in his session. Only in case of an implicit grant.
oauth2_code: OAuth 2.0 code. Code that will be used in case we want to create a refresh token. (Refresh tokens are in our case the same as an OAuth 2.0 code.)
oauth2_response: OAuth 2.0 parameters containing the response: error or generated code.
request: HTTP request.
response: HTTP response.
virtual void granada::http::oauth2::OAuth2Authorization::CreateCode ( std::unique_ptr< granada::http::session::Session > &  oauth2_user_session,
std::unique_ptr< granada::http::oauth2::OAuth2Code > &  oauth2_code,
granada::http::oauth2::OAuth2User *  oauth2_user,
granada::http::oauth2::OAuth2Parameters &  oauth2_response,
web::http::http_request &  request,
web::http::http_response &  response 
)
protected virtual

Creates a unique OAuth 2.0 code for a client, which the client can then use to request an access_token giving access to the user's resources. If something goes wrong, reports it in oauth2_response by filling in the error and error_description members.

Parameters
oauth2_user_session: The session of the user logged into the authorization server.
oauth2_code: OAuth 2.0 code. Will be filled with new data.
oauth2_user: OAuth 2.0 user. Used to get the roles of a user to store them as a maximum scope in his session.
oauth2_response: OAuth 2.0 parameters containing the response: error or generated code.
request: HTTP request.
response: HTTP response.
virtual void granada::http::oauth2::OAuth2Authorization::CreateRefreshToken ( granada::http::session::Session *  oauth2_client_session,
std::unique_ptr< granada::http::oauth2::OAuth2Code > &  oauth2_code,
granada::http::oauth2::OAuth2Parameters &  oauth2_response 
)
protected virtual

Creates a refresh token. The refresh token can be used to obtain new access tokens using the same authorization grant.

Parameters
oauth2_client_session: OAuth 2.0 client session created when creating an access token. It is the session that allows the client to access the user's resources.
oauth2_code: The refresh token. Refresh tokens are in our case the same as an OAuth 2.0 code.
oauth2_response: OAuth 2.0 parameters containing the response: error or generated code.
virtual web::json::value granada::http::oauth2::OAuth2Authorization::Delete ( )
virtual

Delete the authorization given by a user to a client by deleting the codes and access_tokens and closing the sessions used by the client to access the resources of the user.

Returns
The JSON returned by the Information() function.
virtual granada::http::oauth2::OAuth2Factory* granada::http::oauth2::OAuth2Authorization::factory ( )
inline protected virtual
virtual granada::http::oauth2::OAuth2Parameters granada::http::oauth2::OAuth2Authorization::Grant ( web::http::http_request &  request,
web::http::http_response &  response 
)
virtual

Processes an authorization code grant, an implicit grant or an access token request.

Parameters
request: HTTP request.
response: HTTP response.
Returns
OAuth 2.0 parameters containing the response: error, code or access token.
virtual const std::string granada::http::oauth2::OAuth2Authorization::hash ( )
inline override protected virtual

Returns the key made with the user, the client, the code and the session identifiers. This key is used to search the clients authorized by a user and their codes/tokens, and consequently to limit the clients' authorizations when the user decides.

Examples:
Authorization Code Grant:
oauth2.authorization:johndoe:gida8fZEFh9abpkg:Gkt2DkEv94jXLhOV7ezd8tdTro2qwOnjNM30hAAJrNPDllUBnzk9cxsIfMA1ecsY:Gkt2DkEv94jXLhOV7ezd8tdTro2qwOnjNM30hAAJrNPDllUBnzk9cxsIfMA1ecs52
oauth2.authorization:johndoe:gida8fZEFh9abpkg:Gkt2DkEv94jXLhOV7ezd8tdTro2qwOnjNM30hAAJrNPDllUBnzk9cxsIfMA1ecsY:
Implicit Grant:
oauth2.authorization:johndoe:gida8fZEFh9abpkg::Gkt2DkEv94jXLhOV7ezd8tdTro2qwOnjNM30hAAJrNPDllUBnzk9cxsIfMA1ecs52

Returns
Key made with the user, the client, the code and the session identifiers.

Reimplemented from granada::http::oauth2::OAuth2Entity.
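
The key layout described for hash(), as an added example that is not part of the Granada sources: it parses keys of this form and selects the ones to delete when a user withdraws a client's authorization. The type and function names are hypothetical, the sample keys are constructed, and rejecting keys with extra ':' fields is this example's own choice.

```cpp
#include <string>
#include <vector>

// Hypothetical type: the four identifiers that follow the namespace in the key.
struct AuthorizationKey {
    std::string user, client, code, session;
    // In the documented examples an implicit grant leaves the code field empty.
    bool implicit() const { return code.empty() && !session.empty(); }
};

// Split on ':' and keep empty fields ("a::b" -> {"a", "", "b"}).
static std::vector<std::string> SplitFields(const std::string& key) {
    std::vector<std::string> out;
    std::string::size_type start = 0, pos;
    while ((pos = key.find(':', start)) != std::string::npos) {
        out.push_back(key.substr(start, pos - start));
        start = pos + 1;
    }
    out.push_back(key.substr(start));
    return out;
}

// Accept only the namespace plus exactly four fields, so a ':' inside an
// identifier is rejected instead of silently shifting the other fields.
bool ParseAuthorizationKey(const std::string& key, AuthorizationKey* out) {
    const std::vector<std::string> f = SplitFields(key);
    if (f.size() != 5 || f[0] != "oauth2.authorization") return false;
    if (f[1].empty() || f[2].empty()) return false;  // user and client required
    *out = AuthorizationKey{f[1], f[2], f[3], f[4]};
    return true;
}

// Keys of one user/client pair: the set to delete on revocation.
std::vector<std::string> KeysToRevoke(const std::vector<std::string>& keys,
        const std::string& user, const std::string& client) {
    std::vector<std::string> hits;
    AuthorizationKey k;
    for (const std::string& key : keys)
        if (ParseAuthorizationKey(key, &k) && k.user == user && k.client == client)
            hits.push_back(key);
    return hits;
}

int main() {  // constructed sample keys; appA, c1, s1 stand in for real values
    const std::vector<std::string> keys = {
        "oauth2.authorization:johndoe:appA:c1:s1",  // code and session present
        "oauth2.authorization:johndoe:appA::s2",    // implicit grant form
        "oauth2.authorization:johndoe:appB:c3:"};   // a different client
    return KeysToRevoke(keys, "johndoe", "appA").size() == 2 ? 0 : 1;
}
```
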

virtual web::json::value granada::http::oauth2::OAuth2Authorization::Information ( )
virtual

Returns information about the clients authorized by a given user or the codes used by a client to obtain access_tokens. The username and the client_id are taken from the oauth2_parameters_ member.

Returns
JSON containing an array with the clients authorized by a user or a list with the codes used by a client.
virtual void granada::http::oauth2::OAuth2Authorization::LoadProperties ( )
protected virtual

Loads the properties given in the configuration file. If a property is not found, the default value from the granada/defaults.dat file is used.

Reimplemented from granada::http::oauth2::OAuth2Entity.

virtual granada::http::session::SessionFactory* granada::http::oauth2::OAuth2Authorization::session_factory ( )
inline protected virtual

Member Data Documentation

std::string granada::http::oauth2::OAuth2Authorization::cache_namespace_
static protected

Namespace of the key of the entity data in the cache. Example: if the key is oauth2.client:value:L05l6pFaPFgZbtP9, the namespace is oauth2.client:value:

granada::http::oauth2::OAuth2Parameters granada::http::oauth2::OAuth2Authorization::oauth2_parameters_
protected

OAuth 2.0 Parameters. Parameters for use with the authorization endpoint, the token endpoint and the information and deletion endpoint.

bool granada::http::oauth2::OAuth2Authorization::oauth2_use_refresh_token_
static protected

If true, a refresh token is also delivered when a client requests an access token. The refresh token can be used to obtain new access tokens using the same authorization grant.

granada::http::session::SessionFactory* granada::http::oauth2::OAuth2Authorization::session_factory_
protected

Session check point. Provides a single point for checking and setting sessions. It is used to create a new session without knowing its type, and to create OAuth 2.0 user sessions and OAuth 2.0 client sessions.


The documentation for this class was generated from the following file: