Scoped oauth

oauth2client/client.go

@@ -11,16 +11,16 @@ import (
 	"time"
 )
 
-func Authenticate(server string, w http.ResponseWriter, r *http.Request) error {
+func Authenticate(server, scope string, w http.ResponseWriter, r *http.Request) error {
 	oauth2server, err := url.Parse(server)
 	if err != nil {
 		return err
 	}
 	access, exists := findAccess(w, r)
 	if !exists {
-		return login(oauth2server, w, r)
+		return login(oauth2server, scope, w, r)
 	}
-	return verify(access, oauth2server, w, r)
+	return verify(access, oauth2server, scope, w, r)
 }
 
 func findAccess(w http.ResponseWriter, r *http.Request) (string, bool) {
@@ -58,8 +58,8 @@ func findAccessStable(w http.ResponseWriter, r *http.Request) (string, bool) {
 	return access.Value, true
 }
 
-func login(oauth2server *url.URL, w http.ResponseWriter, r *http.Request) error {
-	oauth2server.Path = "/users/log"
+func login(oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.Request) error {
+	oauth2server.Path = "/users/log/" + scope
 	url := *r.URL
 	url.Host = r.Host
 	if url.Scheme == "" {
@@ -72,8 +72,8 @@ func login(oauth2server *url.URL, w http.ResponseWriter, r *http.Request) error
 	return errors.New("logging in")
 }
 
-func verify(access string, oauth2server *url.URL, w http.ResponseWriter, r *http.Request) error {
-	oauth2server.Path = "/verify"
+func verify(access string, oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.Request) error {
+	oauth2server.Path = "/verify/" + scope
 	data := url.Values{}
 	data.Set("access", access)
 	req, err := http.NewRequest("POST", oauth2server.String(), strings.NewReader(data.Encode()))
@@ -94,7 +94,7 @@ func verify(access string, oauth2server *url.URL, w http.ResponseWriter, r *http
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
-		return login(oauth2server, w, r)
+		return login(oauth2server, scope, w, r)
 	}
 	return nil
 }