Merge pull request #34 from sns-sdks/feat-confidential

feat(oauth2): ✨ update oauth2 for confidential client
sns-sdks · Apr 7, 2022 · c9218e4 · c9218e4
2 parents 7f95e42 + e755eb6
commit c9218e4
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 19 deletions.
diff --git a/example/authorization_oauth2.go b/example/authorization_oauth2.go
@@ -8,14 +8,26 @@ import (
 var (
 	ClientID          = "Your app client ID"
 	OAuth2CallbackURL = "https://localhost/" // Your redirect uri
+	// ClientSecret      = "Your app client secret"
 )
 
 func main() {
 	app := twitter.OAuth2AuthorizationAPP{
 		ClientID:    ClientID,
 		CallbackURL: OAuth2CallbackURL,
+		Scopes:      []string{"tweet.read", "users.read"},
 	}
-	authUrl, verifier := app.GetOAuth2AuthorizationURL()
+	// If your app is `confidential client`, you can initial as follows
+	/*
+		app := twitter.OAuth2AuthorizationAPP{
+			ClientID:     ClientID,
+			ClientSecret: ClientSecret,
+			CallbackURL:  OAuth2CallbackURL,
+			Scopes:       []string{"tweet.read", "users.read"},
+		}
+	*/
+
+	authUrl, verifier, _ := app.GetOAuth2AuthorizationURL()
 
 	fmt.Println("Click the authorization url: " + authUrl)
 	fmt.Println("Enter redirect response: ")
@@ -30,6 +42,6 @@ func main() {
 	fmt.Printf("Get user token: %v", token)
 
 	cli := app.GetUserClient()
-	followers, err := cli.Users.GetFollowers("Your id", twitter.FollowsOpts{})
-	fmt.Println(followers, err)
+	user, err := cli.Users.LookupMe(twitter.UserOpts{})
+	fmt.Println(user, err)
 }
diff --git a/twitter/authorization_oauth2.go b/twitter/authorization_oauth2.go
@@ -18,11 +18,12 @@ var OAuth2Endpoint = oauth2.Endpoint{
 
 // OAuth2AuthorizationAPP Twitter OAuth2 app config
 type OAuth2AuthorizationAPP struct {
-	ClientID    string         `json:"client_id"`
-	CallbackURL string         `json:"callback_url,omitempty"`
-	Scopes      []string       `json:"scopes,omitempty"`
-	Token       *oauth2.Token  `json:"access_token,omitempty"`
-	Config      *oauth2.Config `json:"config,omitempty"`
+	ClientID     string         `json:"client_id"`
+	ClientSecret string         `json:"client_secret,omitempty"`
+	CallbackURL  string         `json:"callback_url,omitempty"`
+	Scopes       []string       `json:"scopes,omitempty"`
+	Token        *oauth2.Token  `json:"access_token,omitempty"`
+	Config       *oauth2.Config `json:"config,omitempty"`
 }
 
 func (app OAuth2AuthorizationAPP) String() string {
@@ -32,23 +33,28 @@ func (app OAuth2AuthorizationAPP) String() string {
 // NewOAuth2AuthorizationAPP Return app for oauth2 authorization
 func NewOAuth2AuthorizationAPP(app OAuth2AuthorizationAPP) *OAuth2AuthorizationAPP {
 	app.Config = &oauth2.Config{
-		ClientID:    app.ClientID,
-		RedirectURL: app.CallbackURL,
-		Scopes:      app.Scopes,
-		Endpoint:    OAuth2Endpoint,
+		ClientID:     app.ClientID,
+		ClientSecret: app.ClientSecret,
+		RedirectURL:  app.CallbackURL,
+		Scopes:       app.Scopes,
+		Endpoint:     OAuth2Endpoint,
+	}
+	// If provide client secret, will use confidential clients.
+	if app.Config.ClientSecret != "" {
+		app.Config.Endpoint.AuthStyle = oauth2.AuthStyleInHeader
 	}
 	return &app
 }
 
 // GetOAuth2AuthorizationURL Return authorization url and code verifier for user
-func (app *OAuth2AuthorizationAPP) GetOAuth2AuthorizationURL() (string, string) {
+func (app *OAuth2AuthorizationAPP) GetOAuth2AuthorizationURL() (string, string, string) {
 	state := GenerateNonce()
 	verifier := GenerateCodeVerifier(128)
 
 	challengeOpt := oauth2.SetAuthURLParam("code_challenge", PkCEChallengeWithSHA256(verifier))
 	challengeMethodOpt := oauth2.SetAuthURLParam("code_challenge_method", "s256")
 
-	return app.Config.AuthCodeURL(state, challengeOpt, challengeMethodOpt), verifier
+	return app.Config.AuthCodeURL(state, challengeOpt, challengeMethodOpt), verifier, state
 }
 
 // GenerateAccessToken Generate user access token for the app

diff --git a/twitter/authorization_oauth2_test.go b/twitter/authorization_oauth2_test.go
@@ -15,9 +15,10 @@ type Auth2Suite struct {
 
 func (auth *Auth2Suite) SetupSuite() {
 	auth.app = NewOAuth2AuthorizationAPP(OAuth2AuthorizationAPP{
-		ClientID:    "client id",
-		CallbackURL: "https://localhost/",
-		Scopes:      []string{"users.read", "tweet.read"},
+		ClientID:     "client id",
+		ClientSecret: "client secret",
+		CallbackURL:  "https://localhost/",
+		Scopes:       []string{"users.read", "tweet.read"},
 	})
 }
 
@@ -34,7 +35,7 @@ func TestAuth2Suite(t *testing.T) {
 }
 
 func (auth *Auth2Suite) TestGetAuthorizationURL() {
-	authUrl, verifier := auth.app.GetOAuth2AuthorizationURL()
+	authUrl, verifier, _ := auth.app.GetOAuth2AuthorizationURL()
 	auth.NotNil(authUrl)
 	auth.NotNil(verifier)
 }

diff --git a/twitter/strings_test.go b/twitter/strings_test.go
@@ -92,7 +92,7 @@ func TestString(t *testing.T) {
 		{TweetDeletedStatus{Deleted: Bool(true)}, `twitter.TweetDeletedStatus{Deleted:true}`},
 		{APIError{Title: "error"}, `twitter.APIError{ClientID:"", RequiredEnrollment:"", RegistrationUrl:"", Title:"error", Detail:"", Reason:"", Type:"", Status:0, Errors:<nil>}`},
 		{AuthorizationAPP{ConsumerKey: "123", ConsumerSecret: ""}, `twitter.AuthorizationAPP{ConsumerKey:"123", ConsumerSecret:"", CallbackURL:"", AccessTokenKey:"", AccessTokenSecret:"", RequestSecret:""}`},
-		{OAuth2AuthorizationAPP{ClientID: "asfasfa123124"}, `twitter.OAuth2AuthorizationAPP{ClientID:"asfasfa123124", CallbackURL:""}`},
+		{OAuth2AuthorizationAPP{ClientID: "asfasfa123124"}, `twitter.OAuth2AuthorizationAPP{ClientID:"asfasfa123124", ClientSecret:"", CallbackURL:""}`},
 		{UserResp{Data: &User{ID: String("123456")}}, `twitter.UserResp{Data:twitter.User{ID:"123456"}}`},
 		{UsersResp{Data: []*User{{ID: String("123456")}}}, `twitter.UsersResp{Data:[twitter.User{ID:"123456"}]}`},
 		{TweetResp{Data: &Tweet{ID: String("123")}}, `twitter.TweetResp{Data:twitter.Tweet{ID:"123"}}`},