summaryrefslogtreecommitdiff
path: root/cmd/client/oauth2.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/client/oauth2.go')
-rw-r--r--cmd/client/oauth2.go51
1 files changed, 45 insertions, 6 deletions
diff --git a/cmd/client/oauth2.go b/cmd/client/oauth2.go
index 6667c5a..1ccdaaa 100644
--- a/cmd/client/oauth2.go
+++ b/cmd/client/oauth2.go
@@ -5,6 +5,7 @@ import (
5 "encoding/json" 5 "encoding/json"
6 "fmt" 6 "fmt"
7 "net/http" 7 "net/http"
8 "net/url"
8 "strings" 9 "strings"
9 "time" 10 "time"
10 11
@@ -23,6 +24,36 @@ type Oauth2PKCEDeviceClient struct {
23 interval time.Duration 24 interval time.Duration
24} 25}
25 26
27func (c *Oauth2PKCEDeviceClient) discoverHost(ctx context.Context) (*models.OauthDiscoveryMetadata, error) {
28 u := &url.URL{
29 Scheme: "https",
30 Host: c.Host,
31 Path: models.Oauth2MetadataPath,
32 }
33
34 req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
35 if err != nil {
36 return nil, err
37 }
38
39 res, err := http.DefaultClient.Do(req)
40 if err != nil {
41 return nil, err
42 }
43 defer res.Body.Close()
44
45 if res.StatusCode != http.StatusOK {
46 return nil, fmt.Errorf("Oauth2 discovery request failed with code %d", res.StatusCode)
47 }
48
49 var resp models.OauthDiscoveryMetadata
50 if err := json.NewDecoder(res.Body).Decode(&resp); err != nil {
51 return nil, err
52 }
53
54 return &resp, nil
55}
56
26func (c *Oauth2PKCEDeviceClient) Authorize(ctx context.Context) (*models.DeviceAuthorizationResponse, error) { 57func (c *Oauth2PKCEDeviceClient) Authorize(ctx context.Context) (*models.DeviceAuthorizationResponse, error) {
27 challenge, err := models.NewPKCEChallenge() 58 challenge, err := models.NewPKCEChallenge()
28 if err != nil { 59 if err != nil {
@@ -40,8 +71,12 @@ func (c *Oauth2PKCEDeviceClient) Authorize(ctx context.Context) (*models.DeviceA
40 return nil, err 71 return nil, err
41 } 72 }
42 73
43 url := fmt.Sprintf("https://%s/auth/device", c.Host) 74 md, err := c.discoverHost(ctx)
44 req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(values.Encode())) 75 if err != nil {
76 return nil, err
77 }
78
79 req, err := http.NewRequestWithContext(ctx, http.MethodPost, md.DeviceAuthorizationEndpoint, strings.NewReader(values.Encode()))
45 if err != nil { 80 if err != nil {
46 return nil, err 81 return nil, err
47 } 82 }
@@ -53,7 +88,7 @@ func (c *Oauth2PKCEDeviceClient) Authorize(ctx context.Context) (*models.DeviceA
53 } 88 }
54 defer res.Body.Close() 89 defer res.Body.Close()
55 90
56 if res.StatusCode != 200 { 91 if res.StatusCode != http.StatusOK {
57 var resError models.Oauth2Error 92 var resError models.Oauth2Error
58 if err := json.NewDecoder(res.Body).Decode(&resError); err != nil { 93 if err := json.NewDecoder(res.Body).Decode(&resError); err != nil {
59 return nil, err 94 return nil, err
@@ -85,8 +120,12 @@ func (c *Oauth2PKCEDeviceClient) fetchToken(ctx context.Context, deviceCode stri
85 return nil, err 120 return nil, err
86 } 121 }
87 122
88 url := fmt.Sprintf("https://%s/auth/token", c.Host) 123 md, err := c.discoverHost(ctx)
89 req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(values.Encode())) 124 if err != nil {
125 return nil, err
126 }
127
128 req, err := http.NewRequestWithContext(ctx, http.MethodPost, md.TokenEndpoint, strings.NewReader(values.Encode()))
90 if err != nil { 129 if err != nil {
91 return nil, err 130 return nil, err
92 } 131 }
@@ -98,7 +137,7 @@ func (c *Oauth2PKCEDeviceClient) fetchToken(ctx context.Context, deviceCode stri
98 } 137 }
99 defer res.Body.Close() 138 defer res.Body.Close()
100 139
101 if res.StatusCode != 200 { 140 if res.StatusCode != http.StatusOK {
102 var resError models.Oauth2Error 141 var resError models.Oauth2Error
103 if err := json.NewDecoder(res.Body).Decode(&resError); err != nil { 142 if err := json.NewDecoder(res.Body).Decode(&resError); err != nil {
104 return nil, err 143 return nil, err
© 2015 Mike Crute