Commit 27a39de

mo khan <mo@mokhan.ca>
2025-03-18 20:47:06
refactor: allow overriding the default authorize uri query params
1 parent e6b7ade
Changed files (2)
bin/idp
@@ -565,7 +565,6 @@ module Authz
 
     def post_authorize(request)
       params = request.params.slice('client_id', 'redirect_uri', 'response_type', 'response_mode', 'state', 'code_challenge_method', 'code_challenge', 'scope')
-
       grant = AuthorizationGrant.create!(current_user(request))
       case params['response_type']
       when 'code'
@@ -577,7 +576,6 @@ module Authz
         else
           # TODO:: form post
         end
-
       when 'token'
         return http_not_found
       else
bin/ui
@@ -40,9 +40,10 @@ end
 
 module OAuth
   class Client
-    attr_reader :client_id, :client_secret, :http
+    attr_reader :client_id, :client_secret, :http, :authz_host
 
-    def initialize(client_id, client_secret)
+    def initialize(authz_host, client_id, client_secret)
+      @authz_host = authz_host
       @client_id = client_id
       @client_secret = client_secret
       @http = Net::Hippie::Client.new(headers: ::Net::Hippie::Client::DEFAULT_HEADERS.merge({
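Review bot: The new `authz_host` constructor argument is a bare host[:port], not a URL — the fetch in `server_metadata` prepends `http://` itself — but nothing at the signature says so, and `attr_reader :authz_host` now exposes it as public API. A caller passing a full URL would silently produce `http://https://…` and the metadata fetch would fail with an unhelpful error. I would add `# authz_host: host[:port] of the authorization server, without scheme (server_metadata prepends it)` above `def initialize`, and consider raising `ArgumentError` if it already contains `://`. The class body continues past this hunk.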
@@ -54,12 +55,40 @@ module OAuth
       server_metadata.fetch(key)
     end
 
-    def redirect_uri
-      "#{$scheme}://#{$host}/oauth/callback"
+    def authorize_uri(state: SecureRandom.uuid, response_type: "code", response_mode: "query", scope: "openid")
+      [
+        self[:authorization_endpoint],
+        to_query(
+          client_id: client_id,
+          state: state,
+          redirect_uri: redirect_uri,
+          response_mode: response_mode,
+          response_type: response_type,
+          scope: scope,
+        )
+      ].join("?")
+    end
+
+    def exchange(grant_type:, code:)
+      with_http do |client|
+        client.post(self[:token_endpoint], body: {
+          grant_type: grant_type,
+          code: code,
+          code_verifier: "not_implemented"
+        })
+      end
     end
 
-    def authorize_uri(state: SecureRandom.uuid, response_mode: "query", scope: "openid")
-      "#{self[:authorization_endpoint]}?client_id=#{client_id}&state=#{state}&redirect_uri=#{redirect_uri}&response_type=code&response_mode=#{response_mode}&scope=#{scope}"
+    private
+
+    def to_query(params = {})
+      params.map do |(key, value)|
+        [key, value].join("=")
+      end.join("&")
+    end
+
+    def redirect_uri
+      "#{$scheme}://#{$host}/oauth/callback"
     end
 
     def with_http
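Review bot: `to_query` joins `key=value` pairs without percent-encoding, so `redirect_uri` (which contains `://` and `/`) and any `scope` with a space such as `openid profile` go out raw, and a `state` or `scope` containing `&` or `=` would be split by the server into extra parameters. The stdlib does this correctly and is a drop-in replacement: `def to_query(params = {})` / `URI.encode_www_form(params)` / `end` (the `uri` library comes with `net/http`, which Net::Hippie sits on, but confirm it is required in this file). Separately, `exchange` still posts the literal `code_verifier: "not_implemented"` and neither `redirect_uri` nor client credentials; that code is moved rather than new, but since the idp already slices `code_challenge` from the authorize request it deserves a `# TODO: real PKCE verifier + client auth` so it is not mistaken for finished. `with_http` continues past this hunk.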
@@ -71,20 +100,10 @@ module OAuth
     def server_metadata
       @server_metadata ||=
         with_http do |client|
-          response = client.get("http://#{$idp_host}/.well-known/openid-configuration")
+          response = client.get("http://#{authz_host}/.well-known/oauth-authorization-server")
           JSON.parse(response.body, symbolize_names: true)
         end
     end
-
-    def exchange(grant_type:, code:)
-      with_http do |client|
-        client.post(self[:token_endpoint], body: {
-          grant_type: grant_type,
-          code: code,
-          code_verifier: "not_implemented"
-        })
-      end
-    end
   end
 end
 
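Review bot: The metadata fetch in `server_metadata` hard-codes `http://` in front of the new `authz_host`, and the document it returns is what later chooses `authorization_endpoint` and `token_endpoint`; over plaintext an on-path attacker can rewrite those and receive the authorization code the client posts in `exchange`. This is presumably a local dev setup (the UI side already has a `$scheme` global), but the scheme should at least be configurable rather than fixed, e.g. `client.get("#{$scheme}://#{authz_host}/.well-known/oauth-authorization-server")` if the IdP is served the same way, or a separate setting if not. RFC 8414 also expects the client to check the `issuer` field against the URL it fetched from; after parsing I would add `raise "issuer mismatch: #{metadata[:issuer]}" unless metadata[:issuer] == "http://#{authz_host}"` (exact form depends on whether the idp emits a trailing slash — verify against bin/idp). The response is also parsed without checking `response.code`, so a 404 body would raise an opaque JSON error; a `# TODO: check status` is cheap here.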
@@ -216,7 +235,7 @@ if __FILE__ == $0
     use Rack::Reloader
     use Rack::Session::Cookie, { domain: $host.split(":", 2)[0], path: "/", secret: SecureRandom.hex(64) }
 
-    run UI.new(::OAuth::Client.new('client_id', 'client_secret'))
+    run UI.new(::OAuth::Client.new($idp_host, 'client_id', 'client_secret'))
   end.to_app
 
   Rackup::Server.start(app: app, Port: $port)