Merge pull request #229 from danielgtaylor/redirect-url
chore: add configurable redirect_url, preserve default value
lgarrett-isp authored Dec 6, 2023
2 parents b75a307 + 9a25266 commit a92c7db
Showing 1 changed file with 23 additions and 5 deletions.
28 changes: 23 additions & 5 deletions oauth/authcode.go
Expand Up @@ -180,7 +180,7 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// AuthorizationCodeTokenSource with PKCE as described in:
// https://www.oauth.com/oauth2-servers/pkce/
// This works by running a local HTTP server on port 8484 and then having the
// user log in through a web browser, which redirects to the local server with
// user log in through a web browser, which redirects to the redirect url with
// an authorization code. That code is then used to make another HTTP request
// to fetch an auth token (and refresh token). That token is then in turn
// used to make requests against the API.
Expand All @@ -189,10 +189,19 @@ type AuthorizationCodeTokenSource struct {
ClientSecret string
AuthorizeURL string
TokenURL string
RedirectURL string
EndpointParams *url.Values
Scopes []string
}

func (ac *AuthorizationCodeTokenSource) getRedirectUrl() string {
if ac.RedirectURL == "" {
return "http://localhost:8484"
}

return ac.RedirectURL
}

// Token generates a new token using an authorization code.
func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
// Generate a random code verifier string
Expand All @@ -219,7 +228,7 @@ func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
aq.Set("code_challenge", challenge)
aq.Set("code_challenge_method", "S256")
aq.Set("client_id", ac.ClientID)
aq.Set("redirect_uri", "http://localhost:8484/")
aq.Set("redirect_uri", ac.getRedirectUrl())
aq.Set("scope", strings.Join(ac.Scopes, " "))
if ac.EndpointParams != nil {
for k, v := range *ac.EndpointParams {
Expand All @@ -234,8 +243,15 @@ func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
c: codeChan,
}

// strip protocol prefix from configured redirect url for local webserver
u, err := url.Parse(ac.getRedirectUrl())
if err != nil {
panic(err)
}
redirectServer := fmt.Sprintf("%s:%s", u.Hostname(), u.Port())

s := &http.Server{
Addr: "localhost:8484",
Addr: redirectServer,
Handler: handler,
ReadTimeout: 5 * time.Second,
WriteTimeout: 5 * time.Second,
Expand Down Expand Up @@ -284,7 +300,7 @@ func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
payload.Set("client_id", ac.ClientID)
payload.Set("code_verifier", verifier)
payload.Set("code", code)
payload.Set("redirect_uri", "http://localhost:8484/")
payload.Set("redirect_uri", ac.getRedirectUrl())
if ac.ClientSecret != "" {
payload.Set("client_secret", ac.ClientSecret)
}
Expand All @@ -304,6 +320,7 @@ func (h *AuthorizationCodeHandler) Parameters() []cli.AuthParam {
{Name: "authorize_url", Required: true, Help: "OAuth 2.0 authorization URL, e.g. https://api.example.com/oauth/authorize"},
{Name: "token_url", Required: true, Help: "OAuth 2.0 token URL, e.g. https://api.example.com/oauth/token"},
{Name: "scopes", Help: "Optional scopes to request in the token"},
{Name: "redirect_url", Help: "Optional redirect URL with protocol and port, defaults to 'http://localhost:8484' if not specified. "},
}
}

Expand All @@ -312,7 +329,7 @@ func (h *AuthorizationCodeHandler) OnRequest(request *http.Request, key string,
if request.Header.Get("Authorization") == "" {
endpointParams := url.Values{}
for k, v := range params {
if k == "client_id" || k == "client_secret" || k == "scopes" || k == "authorize_url" || k == "token_url" {
if k == "client_id" || k == "client_secret" || k == "scopes" || k == "authorize_url" || k == "token_url" || k == "redirect_url" {
// Not a custom param...
continue
}
Expand All @@ -325,6 +342,7 @@ func (h *AuthorizationCodeHandler) OnRequest(request *http.Request, key string,
ClientSecret: params["client_secret"],
AuthorizeURL: params["authorize_url"],
TokenURL: params["token_url"],
RedirectURL: params["redirect_url"],
EndpointParams: &endpointParams,
Scopes: strings.Split(params["scopes"], ","),
}
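Review bot: The listener address built for `redirectServer` in Token trusts the configured redirect URL as-is: with no explicit port `u.Port()` is empty and `Addr` becomes `host:`, `u.Hostname()` drops the brackets of an IPv6 literal so the `%s:%s` join is malformed, and a non-loopback host would put the listener that receives the authorization code on a network-reachable interface. The parse failure also calls `panic(err)` although Token already returns an error. The fence below returns errors instead, requires an explicit port, builds the address with `net.JoinHostPort` (which needs the `net` import) and rejects non-loopback hosts; the last check is a policy choice the maintainers may want to relax deliberately. Separately, the default in `getRedirectUrl` is `http://localhost:8484` while the literal it replaces was `http://localhost:8484/`, so authorization servers that compare `redirect_uri` exactly may reject existing client registrations. Token's body starts and ends outside the visible hunks.

```go
// … unchanged: handler setup …
u, err := url.Parse(ac.getRedirectUrl())
if err != nil {
	return nil, fmt.Errorf("parsing redirect_url: %w", err)
}
if u.Port() == "" {
	return nil, fmt.Errorf("redirect_url %q needs an explicit port", u.String())
}
host := u.Hostname()
if ip := net.ParseIP(host); host != "localhost" && (ip == nil || !ip.IsLoopback()) {
	return nil, fmt.Errorf("redirect_url host %q is not a loopback address", host)
}
redirectServer := net.JoinHostPort(host, u.Port())
// … unchanged: http.Server literal using redirectServer …
```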