
Commit 64590b9

Merge pull request #24 from h0x91b-wix/main
feat: supporting of oauth authorization_code with client_secret
2 parents 062646c + f094e0e commit 64590b9


1 file changed

+10
-3
lines changed


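--- a/oauth/authcode.go
+++ b/oauth/authcode.go
@@ -71,6 +71,7 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // used to make requests against the API.
 type AuthorizationCodeTokenSource struct {
 ClientID string
+ClientSecret string
 AuthorizeURL string
 TokenURL string
 EndpointParams *url.Values
@@ -86,15 +87,15 @@ func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
 }
 
 verifier := base64.RawURLEncoding.EncodeToString(verifierBytes)
+var url string
 
 // Generate a code challenge. Only the challenge is sent when requesting a
 // code which allows us to keep it secret for now.
 shaBytes := sha256.Sum256([]byte(verifier))
 challenge := base64.RawURLEncoding.EncodeToString(shaBytes[:])
 
 // Generate a URL with the challenge to have the user log in.
-url := fmt.Sprintf("%s?response_type=code&code_challenge=%s&code_challenge_method=S256&client_id=%s&redirect_uri=http://localhost:8484/&scope=%s", ac.AuthorizeURL, challenge, ac.ClientID, strings.Join(ac.Scopes, `%20`))
-
+url = fmt.Sprintf("%s?response_type=code&code_challenge=%s&code_challenge_method=S256&client_id=%s&redirect_uri=http://localhost:8484/&scope=%s", ac.AuthorizeURL, challenge, ac.ClientID, strings.Join(ac.Scopes, `%20`))
 if len(*ac.EndpointParams) > 0 {
 url += "&" + ac.EndpointParams.Encode()
 }
@@ -140,8 +141,12 @@ func (ac *AuthorizationCodeTokenSource) Token() (*oauth2.Token, error) {
 }
 fmt.Println("")
 s.Shutdown(context.Background())
+var payload string
 
-payload := fmt.Sprintf("grant_type=authorization_code&client_id=%s&code_verifier=%s&code=%s&redirect_uri=http://localhost:8484/", ac.ClientID, verifier, code)
+payload = fmt.Sprintf("grant_type=authorization_code&client_id=%s&code_verifier=%s&code=%s&redirect_uri=http://localhost:8484/", ac.ClientID, verifier, code)
+if ac.ClientSecret != "" {
+payload += fmt.Sprintf("&client_secret=%s", ac.ClientSecret)
+}
 
 return requestToken(ac.TokenURL, payload)
 }
@@ -154,6 +159,7 @@ type AuthorizationCodeHandler struct{}
 func (h *AuthorizationCodeHandler) Parameters() []cli.AuthParam {
 return []cli.AuthParam{
 {Name: "client_id", Required: true, Help: "OAuth 2.0 Client ID"},
+{Name: "client_secret", Required: false, Help: "OAuth 2.0 Client Secret if exists"},
 {Name: "authorize_url", Required: true, Help: "OAuth 2.0 authorization URL, e.g. https://api.example.com/oauth/authorize"},
 {Name: "token_url", Required: true, Help: "OAuth 2.0 token URL, e.g. https://api.example.com/oauth/token"},
 {Name: "scopes", Help: "Optional scopes to request in the token"},
@@ -175,6 +181,7 @@ func (h *AuthorizationCodeHandler) OnRequest(request *http.Request, key string,
 
 source := &AuthorizationCodeTokenSource{
 ClientID: params["client_id"],
+ClientSecret: params["client_secret"],
 AuthorizeURL: params["authorize_url"],
 TokenURL: params["token_url"],
 EndpointParams: &endpointParams,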
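Review bot: The new `client_secret` is written into the form-encoded token request with a bare `%s` (`payload += fmt.Sprintf("&client_secret=%s", ac.ClientSecret)` in `Token()`), so a secret containing `&`, `=`, `+` or `%` is either sent corrupted or split into extra form fields. It should be percent-encoded, e.g. `payload += "&client_secret=" + url.QueryEscape(ac.ClientSecret)`. Because the local `url` string declared earlier in `Token()` shadows the `net/url` package, that local needs a different name (say `authURL`) before the call will compile. `ac.ClientID` and `code` on the preceding `payload = fmt.Sprintf(...)` line are interpolated the same way and deserve the same treatment. `Token()` begins and continues outside these hunks, so other uses of the local `url` are not visible here and would need to be renamed with it.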
