photoprism/internal/form/client_credentials.go
Michael Mayer 467f7b1585 OAuth2: Add Client Credentials Authentication
This adds standard OAuth2 client credentials and bearer token support as
well as scope-based authorization checks for REST API clients. Note that
this initial implementation should not be used in production and that
the access token limit has not been implemented yet.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-12 18:42:50 +01:00

39 lines
1 KiB
Go

package form
import (
"fmt"
"github.com/photoprism/photoprism/pkg/clean"
"github.com/photoprism/photoprism/pkg/rnd"
)
// ClientCredentials represents client authentication request credentials.
type ClientCredentials struct {
ClientID string `form:"client_id" json:"client_id,omitempty"`
ClientSecret string `form:"client_secret" json:" client_secret,omitempty"`
AuthScope string `form:"scope" json:"scope,omitempty"`
}
// Validate checks the grant type and credentials.
func (f ClientCredentials) Validate() error {
// Check client ID.
if f.ClientID == "" {
return fmt.Errorf("missing client id")
} else if rnd.InvalidUID(f.ClientID, 'c') {
return fmt.Errorf("invalid client id")
}
// Check client secret.
if f.ClientSecret == "" {
return fmt.Errorf("missing client secret")
} else if !rnd.IsAlnum(f.ClientSecret) {
return fmt.Errorf("invalid client secret")
}
return nil
}
// Scope returns the client scopes as sanitized string.
func (f ClientCredentials) Scope() string {
return clean.Scope(f.AuthScope)
}