Implement token introspection and revocation

Fixes #3

profiles/profile.go

@@ -13,6 +13,8 @@ type Profile struct {
 	ClientSecret string
 	AuthorizationEndpoint string
 	TokenEndpoint string
+	IntrospectionEndpoint string
+	RevocationEndpoint string
 	RedirectURI string
 	GrantType string
 	Scope string
@@ -28,6 +30,8 @@ const (
 	CLIENT_SECRET              = "client_secret"
 	AUTH_SERVER_AUTH_ENDPOINT  = "auth_server_auth_endpoint"
 	AUTH_SERVER_TOKEN_ENDPOINT = "auth_server_token_endpoint"
+	INTROSPECTION_ENDPOINT     = "introspection_endpoint"
+	REVOCATION_ENDPOINT        = "revocation_endpoint"
 	REDIRECT                   = "redirect"
 	GRANT_TYPE                 = "grant_type"
 	SCOPES                     = "scopes"
@@ -52,6 +56,8 @@ func LoadProfile(profileName string) (Profile, error) {
 			ClientSecret:			getOrDefault(p, CLIENT_SECRET, DEFAULT_CLIENT_SECRET),
 			AuthorizationEndpoint:	getOrDefault(p, AUTH_SERVER_AUTH_ENDPOINT, ""),
 			TokenEndpoint:			getOrDefault(p, AUTH_SERVER_TOKEN_ENDPOINT, ""),
+			IntrospectionEndpoint:	getOrDefault(p, INTROSPECTION_ENDPOINT, ""),
+			RevocationEndpoint:		getOrDefault(p, REVOCATION_ENDPOINT, ""),
 			RedirectURI:			getOrDefault(p, REDIRECT, ""),
 			GrantType:				getOrDefault(p, GRANT_TYPE, DEFAULT_GRANT_TYPE),
 			Scope:					getOrDefault(p, SCOPES, DEFAULT_SCOPES),

request/oauth2.go

@@ -111,7 +111,7 @@ func tokenRequest(v url.Values,request *AurlExecution) (*string, error) {
 	if dumpReq, err := httputil.DumpRequestOut(req, true); err == nil {
 		log.Printf("Token request >>>\n%s\n<<<", string(dumpReq))
 	} else {
-		log.Printf("Token request dump failed: ", err)
+		log.Printf("Token request dump failed: %v", err)
 	}
 
 	client := &http.Client{
@@ -131,7 +131,7 @@ func tokenRequest(v url.Values,request *AurlExecution) (*string, error) {
 	if dumpResp, err := httputil.DumpResponse(resp, true); err == nil {
 		log.Printf("Token response >>>\n%s\n<<<", string(dumpResp))
 	} else {
-		log.Printf("Token response dump failed: ", err)
+		log.Printf("Token response dump failed: %v", err)
 	}
 
 	if resp.StatusCode == 200 {
@@ -147,6 +147,70 @@ func tokenRequest(v url.Values,request *AurlExecution) (*string, error) {
 	}
 }
 
+func introspectRequest(token string, request *AurlExecution) (*http.Response, error) {
+	values := url.Values{
+		"token": {token},
+	}
+
+	req, err := http.NewRequest("POST", request.Profile.IntrospectionEndpoint, strings.NewReader(values.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(request.Profile.ClientId, request.Profile.ClientSecret)
+
+	if dumpReq, err := httputil.DumpRequestOut(req, true); err == nil {
+		log.Printf("Introspection request >>>\n%s\n<<<", string(dumpReq))
+	} else {
+		log.Printf("Introspection request dump failed: %v", err)
+	}
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: *request.Insecure,
+			},
+		},
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Printf("Introspection request failed: %s", err.Error())
+	}
+	return resp, err
+}
+
+func revokeRequest(token string,request *AurlExecution) (*http.Response, error) {
+	values := url.Values{
+		"token": {token},
+	}
+
+	req, err := http.NewRequest("POST", request.Profile.RevocationEndpoint, strings.NewReader(values.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(request.Profile.ClientId, request.Profile.ClientSecret)
+
+	if dumpReq, err := httputil.DumpRequestOut(req, true); err == nil {
+		log.Printf("Revocation request >>>\n%s\n<<<", string(dumpReq))
+	} else {
+		log.Printf("Revocation request dump failed: %v", err)
+	}
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: *request.Insecure,
+			},
+		},
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Printf("Revocation request failed: %s", err.Error())
+	}
+	return resp, err
+}
+
 
 func condVal(v string) []string {
 	if v == "" {

request/request.go

@@ -39,7 +39,7 @@ func (execution *AurlExecution) Execute() error {
 		if tokenResponse, err := tokens.New(tokenResponseString); err == nil {
 			log.Printf("Stored access token: %v", tokenResponse.AccessToken)
 			if tokenResponse.IsExpired() == false {
-				response, err := execution.doRequest(tokenResponse, execution.Profile)
+				response, err := execution.doWork(tokenResponse, execution.Profile)
 				if err == nil {
 					log.Println("Stored access token was valid")
 					execution.doPrint(response)
@@ -57,7 +57,7 @@ func (execution *AurlExecution) Execute() error {
 						log.Printf("Refreshed token response: >>>\n%v\n<<<", *tokenResponseString)
 					}
 					if tokenResponse, err := tokens.New(tokenResponseString); err == nil {
-						if response, err := execution.doRequest(tokenResponse, execution.Profile); err == nil {
+						if response, err := execution.doWork(tokenResponse, execution.Profile); err == nil {
 							log.Println("Refreshed access token was valid")
 							execution.doPrint(response)
 							tokens.SaveTokenResponseString(execution.Profile.Name, tokenResponseString)
@@ -121,6 +121,19 @@ func (request *AurlExecution) grant() (*string, error) {
 	}
 }
 
+func (request *AurlExecution) doWork(tokenResponse tokens.TokenResponse, profile profiles.Profile) (*http.Response, error) {
+	if *request.TargetUrl == "introspect" {
+		return introspectRequest(tokenResponse.AccessToken, request)
+	}
+
+	if *request.TargetUrl == "revoke" {
+		return revokeRequest(tokenResponse.AccessToken, request)
+	}
+
+	return request.doRequest(tokenResponse, profile)
+}
+
+
 func (request *AurlExecution) doRequest(tokenResponse tokens.TokenResponse, profile profiles.Profile) (*http.Response, error) {
 	body := strings.NewReader(*request.Data)
 	req, err := http.NewRequest(*request.Method, *request.TargetUrl, body)