feat: get issuer from context for device auth

2023-04-11 18:49:42 +03:00 · 2023-04-11 18:49:42 +03:00 · 643669fe4f
commit 643669fe4f
parent 97bc09583d
4 changed files with 18 additions and 6 deletions
--- a/example/server/exampleop/op.go
+++ b/example/server/exampleop/op.go
@ -107,7 +107,7 @@ func newOP(storage op.Storage, issuer string, key [32]byte) (op.OpenIDProvider,
 		DeviceAuthorization: op.DeviceAuthorizationConfig{
 			Lifetime:     5 * time.Minute,
 			PollInterval: 5 * time.Second,
-			UserFormURL:  issuer + "device",
+			UserFormURL:  "/device",
 			UserCode:     op.UserCodeBase20,
 		},
 	}
--- a/pkg/op/device.go
+++ b/pkg/op/device.go
@ -8,6 +8,7 @@ import (
 	"fmt"
 	"math/big"
 	"net/http"
+	"net/url"
 	"strings"
 	"time"

@ -18,8 +19,11 @@ import (
 type DeviceAuthorizationConfig struct {
 	Lifetime     time.Duration
 	PollInterval time.Duration
-	UserFormURL  string // the URL where the user must go to authorize the device
-	UserCode     UserCodeConfig
+
+	// Path on the current host, where the user must go to authorize the device.
+	// Hostname will the current issuer from the context.
+	UserFormURL string
+	UserCode    UserCodeConfig
 }

 type UserCodeConfig struct {
@ -82,15 +86,22 @@ func DeviceAuthorization(w http.ResponseWriter, r *http.Request, o OpenIDProvide
 		return err
 	}

+	verification, err := url.Parse(IssuerFromContext(r.Context()))
+	if err != nil {
+		return oidc.ErrServerError().WithParent(err).WithDescription("invalid URL for issuer")
+	}
+	verification.Path = config.UserFormURL
+
 	response := &oidc.DeviceAuthorizationResponse{
 		DeviceCode:      deviceCode,
 		UserCode:        userCode,
-		VerificationURI: config.UserFormURL,
+		VerificationURI: verification.String(),
 		ExpiresIn:       int(config.Lifetime / time.Second),
 		Interval:        int(config.PollInterval / time.Second),
 	}

-	response.VerificationURIComplete = fmt.Sprintf("%s?user_code=%s", config.UserFormURL, userCode)
+	verification.RawQuery = "user_code=" + userCode
+	response.VerificationURIComplete = verification.String()

 	httphelper.MarshalJSON(w, response)
 	return nil
--- a/pkg/op/device_test.go
+++ b/pkg/op/device_test.go
@ -30,6 +30,7 @@ func Test_deviceAuthorizationHandler(t *testing.T) {

 	r := httptest.NewRequest(http.MethodPost, "/", body)
 	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	r = r.WithContext(op.ContextWithIssuer(r.Context(), testIssuer))

 	w := httptest.NewRecorder()

--- a/pkg/op/op_test.go
+++ b/pkg/op/op_test.go
@ -40,7 +40,7 @@ func init() {
 		DeviceAuthorization: op.DeviceAuthorizationConfig{
 			Lifetime:     5 * time.Minute,
 			PollInterval: 5 * time.Second,
-			UserFormURL:  testIssuer + "device",
+			UserFormURL:  "/device",
 			UserCode:     op.UserCodeBase20,
 		},
 	}