Wt  4.0.2
Public Member Functions | List of all members
Wt::Auth::OAuthAuthorizationEndpointProcess Class Reference

Allows clients to authorize users according to the OAuth 2.0 protocol. More...

#include <Wt/Auth/OAuthAuthorizationEndpointProcess.h>

Inheritance diagram for Wt::Auth::OAuthAuthorizationEndpointProcess:
Inheritance graph
[legend]

Public Member Functions

 OAuthAuthorizationEndpointProcess (Login &login, AbstractUserDatabase &db)
 Constructor.
 
void processEnvironment ()
 Processes the environment and authorizes the user when already logged in. More...
 
bool validRequest () const
 Returns true if the request was a valid OAuth request with the correct parameters.
 
Signal< std::string > & authorized ()
 This signal is emitted when the user has successfully logged in. More...
 
void authorizeScope (const std::string &scope)
 Authorize the given scope and redirect the user. More...
 
void setAuthCodeExpSecs (int seconds)
 Sets the amount of seconds after which generated authorization codes expire. More...
 
- Public Member Functions inherited from Wt::WObject
void addChild (std::unique_ptr< WObject > child)
 Add a child WObject whose lifetime is determined by this WObject.
 
template<typename Child >
Child * addChild (std::unique_ptr< Child > child)
 Add a child WObject, returning a raw pointer. More...
 
std::unique_ptr< WObjectremoveChild (WObject *child)
 Remove a child WObject, so its lifetime is no longer determined by this WObject.
 
virtual const std::string id () const
 Returns the (unique) identifier for this object. More...
 
virtual void setObjectName (const std::string &name)
 Sets an object name. More...
 
virtual std::string objectName () const
 Returns the object name. More...
 
void resetLearnedSlots ()
 Resets learned stateless slot implementations. More...
 
template<class T >
void resetLearnedSlot (void(T::*method)())
 Resets a learned stateless slot implementation. More...
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)())
 Declares a slot to be stateless and learn client-side behaviour on first invocation. More...
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)(), void(T::*undoMethod)())
 Declares a slot to be stateless and learn client-side behaviour in advance. More...
 
void isNotStateless ()
 Marks the current function as not stateless. More...
 
template<class T >
WStatelessSlot * implementJavaScript (void(T::*method)(), const std::string &jsCode)
 Provides a JavaScript implementation for a method. More...
 
- Public Member Functions inherited from Wt::Core::observable
 observable () noexcept
 Default constructor.
 
virtual ~observable ()
 Destructor. More...
 

Additional Inherited Members

- Public Types inherited from Wt::WObject
typedef void(WObject::* Method) ()
 Typedef for a WObject method without arguments.
 
- Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot * getStateless (Method method)
 On-demand stateless slot implementation. More...
 

Detailed Description

Allows clients to authorize users according to the OAuth 2.0 protocol.

This class will process the environment and perform the authorization of the user if this is possible. If this is successful, an authorization code will be sent to the client.

The following URL parameters are expected: "client_id", which obviously has to contain a valid client ID. "redirect_uri", which has to be a valid redirect URI where the user will be redirected to when the authorization has been succesful. "scope", which has to be set to the scope of the requested information. "response_type", which has to be set to "code". If the "state" parameter has been included, it will be passed on as a paremeter to the redirect URI.

When the client ID and the redirect URI is valid but something else went wrong, an "error=invalid_request" will be sent to the client. If the user failed to log in correctly "error=login_required" will be sent. If everything went OK, the "code" parameter is included which can be used to obtain a token from a token endpoint.

See https://tools.ietf.org/rfc/rfc6749.txt for more information.

This class relies on a correct implementation of several function in the AbstractUserDatabase. Namely AbstractUserDatabase::idpClientFindWithId, AbstractUserDatabase::idpTokenAdd, and AbstractUserDatabase::idpClientRedirectUris.

Must be deployed with TLS.

Example:

process = std::make_unique<OAuthAuthorizationEndpointProcess>(
login,
database);
process->authorized().connect(
process.get(),
process->processEnvironment();
if (process->validRequest()) {
root()->addWidget(std::move(authWidget));
} else
root()->addWidget(std::make_unique<Wt::WText>(Wt::utf8("The request was invalid."));
See also
OAuthTokenEndpoint
AbstractUserDatabase

Member Function Documentation

Signal<std::string>& Wt::Auth::OAuthAuthorizationEndpointProcess::authorized ( )

This signal is emitted when the user has successfully logged in.

When the user has successfully logged in and the request is valid, this signal will be emitted and the user can be redirected to the redirect URI using authorizeScope.

This signal supplies the scope as argument.

void Wt::Auth::OAuthAuthorizationEndpointProcess::authorizeScope ( const std::string &  scope)

Authorize the given scope and redirect the user.

If the user has successfully logged in this function will redirect the user to the redirect URI with a valid "code" parameter which is only valid for the given scope.

void Wt::Auth::OAuthAuthorizationEndpointProcess::processEnvironment ( )

Processes the environment and authorizes the user when already logged in.

The authorized() signal should be connected before calling this function.

void Wt::Auth::OAuthAuthorizationEndpointProcess::setAuthCodeExpSecs ( int  seconds)

Sets the amount of seconds after which generated authorization codes expire.

This defaults to 600 seconds.


Generated on Fri Nov 24 2017 for the C++ Web Toolkit (Wt) by doxygen 1.8.11