Class AuthHandlers
Defined in File auth_handlers.hpp
Class Documentation
-
class AuthHandlers
Handlers for authentication REST API endpoints.
Implements OAuth2-like authentication flow:
POST /auth/authorize - Authenticate with client credentials
POST /auth/token - Refresh access token (RFC 6749 token endpoint)
POST /auth/revoke - Revoke refresh token (RFC 7009)
All three handlers follow the PR-403 typed RouteRegistry convention:
http::Result<dto::TResponse> X(const http::TypedRequest & req);
The body is read directly from req.body (via the framework escape hatch) because the auth endpoints accept BOTH application/json AND application/x-www-form-urlencoded (RFC 6749 §4.1.3). The framework’s typed-body parser only speaks JSON and would also emit SOVD’s invalid-request (dash) code instead of OAuth2’s invalid_request (underscore). The routes set .error_renderer(kOAuth2Error) so any returned ErrorInfo is rendered as {error, error_description} per RFC 6749 §5.2.
Note
These endpoints are only registered/exposed when authentication is enabled. The handlers still defensively return 404 when auth.enabled is false, so a misconfiguration that leaves the routes wired without a manager does not crash.
Public Functions
-
inline explicit AuthHandlers(HandlerContext &ctx)
Construct authentication handlers with shared context.
- Parameters:
ctx – The shared handler context
-
http::Result<dto::AuthTokenResponse> post_authorize(const http::TypedRequest &req)
POST /auth/authorize - authenticate with client_credentials grant. Returns an OAuth2 TokenResponse on success or an OAuth2 error on failure.
-
http::Result<dto::AuthTokenResponse> post_token(const http::TypedRequest &req)
POST /auth/token - refresh access token via the refresh_token grant.
-
http::Result<dto::AuthRevokeResponse> post_revoke(const http::TypedRequest &req)
POST /auth/revoke - revoke a refresh token (RFC 7009). Always returns 200 + {"status":"revoked"} regardless of whether the token existed, to prevent token-enumeration side channels.
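The form-encoded half of the body handling described in the class documentation, as an added example that is not the project's own code: it parses an application/x-www-form-urlencoded refresh request strictly and maps failures to the underscore-style RFC 6749 §5.2 codes. The helper names (form_decode, parse_form, refresh_request_error) are hypothetical, and the JSON branch and the real http::TypedRequest types are left out.

```cpp
#include <cctype>
#include <map>
#include <optional>
#include <string>
using Form = std::map<std::string, std::string>;

// Hypothetical helper: decode one form component, nullopt on a bad %XX escape.
static std::optional<std::string> form_decode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '+') { out += ' '; continue; }
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit((unsigned char)in[i + 1]) ||
            !std::isxdigit((unsigned char)in[i + 2])) return std::nullopt;
        out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
        i += 2;
    }
    return out;
}

// Hypothetical helper: parse an application/x-www-form-urlencoded body.
// RFC 6749 §3.2: empty values count as omitted, repeated parameters are invalid.
std::optional<Form> parse_form(const std::string& body) {
    Form form;
    std::size_t pos = 0;
    while (pos <= body.size()) {
        std::size_t amp = body.find('&', pos);
        if (amp == std::string::npos) amp = body.size();
        const std::string pair = body.substr(pos, amp - pos);
        pos = amp + 1;
        const std::size_t eq = pair.find('=');
        auto key = form_decode(pair.substr(0, eq));
        auto val = form_decode(eq == std::string::npos ? std::string() : pair.substr(eq + 1));
        if (!key || !val) return std::nullopt;  // malformed escape
        if (val->empty()) continue;             // omitted (also skips empty pairs)
        if (!form.emplace(*key, *val).second) return std::nullopt;  // duplicate
    }
    return form;
}

// Returns "" for a well-formed refresh_token grant request, otherwise the
// RFC 6749 §5.2 error code (underscore form, not the dash form).
std::string refresh_request_error(const std::string& body) {
    auto form = parse_form(body);
    if (!form || !form->count("grant_type") || !form->count("refresh_token"))
        return "invalid_request";
    if (form->at("grant_type") != "refresh_token") return "unsupported_grant_type";
    return "";
}
```

Rejecting duplicate parameters and malformed escapes up front keeps the handler and any intermediary from disagreeing about which refresh_token value was submitted.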