oauth2.h

/***
* ==++==
*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ==--==
* =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
*
* HTTP Library: Oauth 2.0
*
* For the latest on this and related APIs, please see http://casablanca.codeplex.com.
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
****/
#pragma once

#ifndef _CASA_OAUTH2_H
#define _CASA_OAUTH2_H

#include "cpprest/http_msg.h"

namespace web
{
namespace http
{
namespace client
{
    // Forward declaration to avoid circular include dependency.
    class http_client_config;
}

namespace oauth2
{
namespace details
{

class oauth2_handler;

// Constant strings for OAuth 2.0.
typedef utility::string_t oauth2_string;
class oauth2_strings
{
public:
#define _OAUTH2_STRINGS
#define DAT(a_, b_) _ASYNCRTIMP static const oauth2_string a_;
#include "cpprest/details/http_constants.dat"
#undef _OAUTH2_STRINGS
#undef DAT
};

} // namespace web::http::oauth2::details

namespace experimental
{

class oauth2_exception : public std::exception
{
public:
    oauth2_exception(utility::string_t msg) : m_msg(utility::conversions::to_utf8string(std::move(msg))) {}
    ~oauth2_exception() CPPREST_NOEXCEPT {}
    const char* what() const CPPREST_NOEXCEPT { return m_msg.c_str(); }

private:
    std::string m_msg;
};

class oauth2_token
{
public:

    enum { undefined_expiration = -1 };

    oauth2_token(utility::string_t access_token=utility::string_t()) :
        m_access_token(std::move(access_token)),
        m_expires_in(undefined_expiration)
    {}

    bool is_valid_access_token() const { return !access_token().empty(); }

    const utility::string_t& access_token() const { return m_access_token; }
    void set_access_token(utility::string_t access_token) { m_access_token = std::move(access_token); }

    const utility::string_t& refresh_token() const { return m_refresh_token; }
    void set_refresh_token(utility::string_t refresh_token) { m_refresh_token = std::move(refresh_token); }

    const utility::string_t& token_type() const { return m_token_type; }
    void set_token_type(utility::string_t token_type) { m_token_type = std::move(token_type); }

    const utility::string_t& scope() const { return m_scope; }
    void set_scope(utility::string_t scope) { m_scope = std::move(scope); }

    int64_t expires_in() const { return m_expires_in; }
    void set_expires_in(int64_t expires_in) { m_expires_in = expires_in; }

private:
    utility::string_t m_access_token;
    utility::string_t m_refresh_token;
    utility::string_t m_token_type;
    utility::string_t m_scope;
    int64_t m_expires_in;
};

class oauth2_config
{
public:

    oauth2_config(utility::string_t client_key, utility::string_t client_secret,
            utility::string_t auth_endpoint, utility::string_t token_endpoint,
            utility::string_t redirect_uri, utility::string_t scope=utility::string_t()) :
                m_client_key(std::move(client_key)),
                m_client_secret(std::move(client_secret)),
                m_auth_endpoint(std::move(auth_endpoint)),
                m_token_endpoint(std::move(token_endpoint)),
                m_redirect_uri(std::move(redirect_uri)),
                m_scope(std::move(scope)),
                m_implicit_grant(false),
                m_bearer_auth(true),
                m_http_basic_auth(true),
                m_access_token_key(details::oauth2_strings::access_token)
    {}

    _ASYNCRTIMP utility::string_t build_authorization_uri(bool generate_state);

    _ASYNCRTIMP pplx::task<void> token_from_redirected_uri(const web::http::uri& redirected_uri);

    pplx::task<void> token_from_code(utility::string_t authorization_code)
    {
        uri_builder ub;
        ub.append_query(details::oauth2_strings::grant_type, details::oauth2_strings::authorization_code, false);
        ub.append_query(details::oauth2_strings::code, uri::encode_data_string(std::move(authorization_code)), false);
        ub.append_query(details::oauth2_strings::redirect_uri, uri::encode_data_string(redirect_uri()), false);
        return _request_token(ub);
    }

    pplx::task<void> token_from_refresh()
    {
        uri_builder ub;
        ub.append_query(details::oauth2_strings::grant_type, details::oauth2_strings::refresh_token, false);
        ub.append_query(details::oauth2_strings::refresh_token, uri::encode_data_string(token().refresh_token()), false);
        return _request_token(ub);
    }

    bool is_enabled() const { return token().is_valid_access_token(); }

    const utility::string_t& client_key() const { return m_client_key; }
    void set_client_key(utility::string_t client_key) { m_client_key = std::move(client_key); }

    const utility::string_t& client_secret() const { return m_client_secret; }
    void set_client_secret(utility::string_t client_secret) { m_client_secret = std::move(client_secret); }

    const utility::string_t& auth_endpoint() const { return m_auth_endpoint; }
    void set_auth_endpoint(utility::string_t auth_endpoint) { m_auth_endpoint = std::move(auth_endpoint); }

    const utility::string_t& token_endpoint() const { return m_token_endpoint; }
    void set_token_endpoint(utility::string_t token_endpoint) { m_token_endpoint = std::move(token_endpoint); }

    const utility::string_t& redirect_uri() const { return m_redirect_uri; }
    void set_redirect_uri(utility::string_t redirect_uri) { m_redirect_uri = std::move(redirect_uri); }

    const utility::string_t& scope() const { return m_scope; }
    void set_scope(utility::string_t scope) { m_scope = std::move(scope); }

    const utility::string_t& state() { return m_state; }
    void set_state(utility::string_t state) { m_state = std::move(state); }

    const oauth2_token& token() const { return m_token; }
    void set_token(oauth2_token token) { m_token = std::move(token); }

    bool implicit_grant() const { return m_implicit_grant; }
    void set_implicit_grant(bool implicit_grant) { m_implicit_grant = implicit_grant; }

    bool bearer_auth() const { return m_bearer_auth; }
    void set_bearer_auth(bool bearer_auth) { m_bearer_auth = bearer_auth; }

    bool http_basic_auth() const { return m_http_basic_auth; }
    void set_http_basic_auth(bool http_basic_auth) { m_http_basic_auth = http_basic_auth; }

    const utility::string_t&  access_token_key() const { return m_access_token_key; }
    void set_access_token_key(utility::string_t access_token_key) { m_access_token_key = std::move(access_token_key); }
    
    const web_proxy& proxy() const
    {
        return m_proxy;
    }

    void set_proxy(const web_proxy& proxy)
    {
        m_proxy = proxy;
    }

private:
    friend class web::http::client::http_client_config;
    friend class web::http::oauth2::details::oauth2_handler;

    oauth2_config() :
        m_implicit_grant(false),
        m_bearer_auth(true),
        m_http_basic_auth(true)
    {}

    _ASYNCRTIMP pplx::task<void> _request_token(uri_builder& request_body);

    oauth2_token _parse_token_from_json(const json::value& token_json);

    void _authenticate_request(http_request &req) const
    {
        if (bearer_auth())
        {
            req.headers().add(header_names::authorization, _XPLATSTR("Bearer ") + token().access_token());
        }
        else
        {
            uri_builder ub(req.request_uri());
            ub.append_query(access_token_key(), token().access_token());
            req.set_request_uri(ub.to_uri());
        }
    }

    utility::string_t m_client_key;
    utility::string_t m_client_secret;
    utility::string_t m_auth_endpoint;
    utility::string_t m_token_endpoint;
    utility::string_t m_redirect_uri;
    utility::string_t m_scope;
    utility::string_t m_state;

    web::web_proxy m_proxy;

    bool m_implicit_grant;
    bool m_bearer_auth;
    bool m_http_basic_auth;
    utility::string_t m_access_token_key;

    oauth2_token m_token;

    utility::nonce_generator m_state_generator;
};

} // namespace web::http::oauth2::experimental

namespace details
{

class oauth2_handler : public http_pipeline_stage
{
public:
    oauth2_handler(std::shared_ptr<experimental::oauth2_config> cfg) :
        m_config(std::move(cfg))
    {}

    virtual pplx::task<http_response> propagate(http_request request) override
    {
        if (m_config)
        {
            m_config->_authenticate_request(request);
        }
        return next_stage()->propagate(request);
    }

private:
    std::shared_ptr<experimental::oauth2_config> m_config;
};

}}}}

#endif