Merge pull request #713 from ericchiang/example-app-state
cmd/example-app: use a non-empty state
commit
b38d355202
1 changed files with 9 additions and 2 deletions
|
@ -23,6 +23,8 @@ import (
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const exampleAppState = "I wish to wash my irish wristwatch"
|
||||||
|
|
||||||
type app struct {
|
type app struct {
|
||||||
clientID string
|
clientID string
|
||||||
clientSecret string
|
clientSecret string
|
||||||
|
@ -241,9 +243,9 @@ func (a *app) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
scopes = append(scopes, "openid", "profile", "email")
|
scopes = append(scopes, "openid", "profile", "email")
|
||||||
if a.offlineAsScope {
|
if a.offlineAsScope {
|
||||||
scopes = append(scopes, "offline_access")
|
scopes = append(scopes, "offline_access")
|
||||||
authCodeURL = a.oauth2Config(scopes).AuthCodeURL("")
|
authCodeURL = a.oauth2Config(scopes).AuthCodeURL(exampleAppState)
|
||||||
} else {
|
} else {
|
||||||
authCodeURL = a.oauth2Config(scopes).AuthCodeURL("", oauth2.AccessTypeOffline)
|
authCodeURL = a.oauth2Config(scopes).AuthCodeURL(exampleAppState, oauth2.AccessTypeOffline)
|
||||||
}
|
}
|
||||||
http.Redirect(w, r, authCodeURL, http.StatusSeeOther)
|
http.Redirect(w, r, authCodeURL, http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
@ -254,6 +256,11 @@ func (a *app) handleCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if state := r.FormValue("state"); state != exampleAppState {
|
||||||
|
http.Error(w, fmt.Sprintf("expected state %q got %q", exampleAppState, state), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
code := r.FormValue("code")
|
code := r.FormValue("code")
|
||||||
refresh := r.FormValue("refresh_token")
|
refresh := r.FormValue("refresh_token")
|
||||||
var (
|
var (
|
||||||
|
|
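Review bot: `exampleAppState` is a compile-time constant, so the new check in handleCallback only proves that the parameter round-trips; it does not bind the callback to the browser session that started the login, which is the CSRF purpose of the OAuth2 `state` value. Because this is an example that readers copy, the constant should carry a comment saying so, e.g. `// exampleAppState is a fixed placeholder; a real client must generate an unguessable per-login state, tie it to the user's session, and compare it on callback.` The check also runs before `refresh_token` is read, so any request to this handler that carries no `state` would presumably now get a 400. handleCallback continues outside the hunk, so confirm that against the rest of its body.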