Allow for arbitrary OAuth hosts

jamierocks · mislav · mislav · commit 6dfce1135200 · 2021-10-15T19:18:46.000+02:00
Not all OAuth hosts use the same routes as GitHub, for example:
- Microsoft use /oauth2/v2.0/devicecode
- Google use /device/code
- Auth0 use /oauth/device/code

Similar differences are present for the authorise and access token
routes too.

This commit introduces a concept of a Host, which is a container for
the endpoints that the library uses. After this, the Hostname field is
deprecated.

Co-authored-by: Mislav Marohnić &lt;mislav@github.com&gt;
diff --git a/examples_test.go b/examples_test.go
@@ -10,7 +10,7 @@ import (
 // flow support is globally available, but enables logging in to hosted GitHub instances as well.
 func Example() {
 	flow := &Flow{
-		Hostname:     "github.com",
+		Host:         GitHubHost("https://github.com"),
 		ClientID:     os.Getenv("OAUTH_CLIENT_ID"),
 		ClientSecret: os.Getenv("OAUTH_CLIENT_SECRET"), // only applicable to web app flow
 		CallbackURI:  "http://127.0.0.1/callback",      // only applicable to web app flow
diff --git a/go.sum b/go.sum
@@ -1,3 +1,4 @@
 github.com/cli/browser v1.0.0 h1:RIleZgXrhdiCVgFBSjtWwkLPUCWyhhhN5k5HGSBt1js=
 github.com/cli/browser v1.0.0/go.mod h1:IEWkHYbLjkhtjwwWlwTHW2lGxeS5gezEQBMLTwDHf5Q=
+github.com/cli/safeexec v1.0.0 h1:0VngyaIyqACHdcMNWfo6+KdUYnqEr2Sg+bSP1pdF+dI=
 github.com/cli/safeexec v1.0.0/go.mod h1:Z/D4tTN8Vs5gXYHDCbaM1S/anmEDnJb1iW0+EJ5zx3Q=
diff --git a/oauth.go b/oauth.go
@@ -17,10 +17,32 @@ type httpClient interface {
 	PostForm(string, url.Values) (*http.Response, error)
 }
 
+// Host defines the endpoints used to authorize against an OAuth server.
+type Host struct {
+	DeviceCodeURL string
+	AuthorizeURL  string
+	TokenURL      string
+}
+
+// GitHubHost constructs a Host from the given URL to a GitHub instance.
+func GitHubHost(hostURL string) *Host {
+	u, _ := url.Parse(hostURL)
+
+	return &Host{
+		DeviceCodeURL: fmt.Sprintf("%s://%s/login/device/code", u.Scheme, u.Host),
+		AuthorizeURL:  fmt.Sprintf("%s://%s/login/oauth/authorize", u.Scheme, u.Host),
+		TokenURL:      fmt.Sprintf("%s://%s/login/oauth/access_token", u.Scheme, u.Host),
+	}
+}
+
 // Flow facilitates a single OAuth authorization flow.
 type Flow struct {
-	// The host to authorize the app with.
+	// The hostname to authorize the app with.
+	//
+	// Deprecated: Use Host instead.
 	Hostname string
+	// Host configuration to authorize the app with.
+	Host *Host
 	// OAuth scopes to request from the user.
 	Scopes []string
 	// OAuth application ID.
@@ -47,18 +69,6 @@ type Flow struct {
 	Stdout io.Writer
 }
 
-func deviceInitURL(host string) string {
-	return fmt.Sprintf("https://%s/login/device/code", host)
-}
-
-func webappInitURL(host string) string {
-	return fmt.Sprintf("https://%s/login/oauth/authorize", host)
-}
-
-func tokenURL(host string) string {
-	return fmt.Sprintf("https://%s/login/oauth/access_token", host)
-}
-
 // DetectFlow tries to perform Device flow first and falls back to Web application flow.
 func (oa *Flow) DetectFlow() (*api.AccessToken, error) {
 	accessToken, err := oa.DeviceFlow()
diff --git a/oauth_device.go b/oauth_device.go
@@ -28,8 +28,12 @@ func (oa *Flow) DeviceFlow() (*api.AccessToken, error) {
 	if stdout == nil {
 		stdout = os.Stdout
 	}
+	host := oa.Host
+	if host == nil {
+		host = GitHubHost("https://" + oa.Hostname)
+	}
 
-	code, err := device.RequestCode(httpClient, deviceInitURL(oa.Hostname), oa.ClientID, oa.Scopes)
+	code, err := device.RequestCode(httpClient, host.DeviceCodeURL, oa.ClientID, oa.Scopes)
 	if err != nil {
 		return nil, err
 	}
@@ -54,7 +58,7 @@ func (oa *Flow) DeviceFlow() (*api.AccessToken, error) {
 		return nil, fmt.Errorf("error opening the web browser: %w", err)
 	}
 
-	return device.PollToken(httpClient, tokenURL(oa.Hostname), oa.ClientID, code)
+	return device.PollToken(httpClient, host.TokenURL, oa.ClientID, code)
 }
 
 func waitForEnter(r io.Reader) error {
diff --git a/oauth_webapp.go b/oauth_webapp.go
@@ -12,6 +12,11 @@ import (
 // WebAppFlow starts a local HTTP server, opens the web browser to initiate the OAuth Web application
 // flow, blocks until the user completes authorization and is redirected back, and returns the access token.
 func (oa *Flow) WebAppFlow() (*api.AccessToken, error) {
+	host := oa.Host
+	if host == nil {
+		host = GitHubHost("https://" + oa.Hostname)
+	}
+
 	flow, err := webapp.InitFlow()
 	if err != nil {
 		return nil, err
@@ -23,7 +28,7 @@ func (oa *Flow) WebAppFlow() (*api.AccessToken, error) {
 		Scopes:      oa.Scopes,
 		AllowSignup: true,
 	}
-	browserURL, err := flow.BrowserURL(webappInitURL(oa.Hostname), params)
+	browserURL, err := flow.BrowserURL(host.AuthorizeURL, params)
 	if err != nil {
 		return nil, err
 	}
@@ -47,5 +52,5 @@ func (oa *Flow) WebAppFlow() (*api.AccessToken, error) {
 		httpClient = http.DefaultClient
 	}
 
-	return flow.AccessToken(httpClient, tokenURL(oa.Hostname), oa.ClientSecret)
+	return flow.AccessToken(httpClient, host.TokenURL, oa.ClientSecret)
 }

Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,12 @@ func (oa Flow) DeviceFlow() (api.AccessToken, error) {`
`28`	`28`	`if stdout == nil {`
`29`	`29`	`stdout = os.Stdout`
`30`	`30`	`}`
	`31`	`+ host := oa.Host`
	`32`	`+ if host == nil {`
	`33`	`+ host = GitHubHost("https://" + oa.Hostname)`
	`34`	`+ }`
`31`	`35`
`32`		`- code, err := device.RequestCode(httpClient, deviceInitURL(oa.Hostname), oa.ClientID, oa.Scopes)`
	`36`	`+ code, err := device.RequestCode(httpClient, host.DeviceCodeURL, oa.ClientID, oa.Scopes)`
`33`	`37`	`if err != nil {`
`34`	`38`	`return nil, err`
`35`	`39`	`}`
`@@ -54,7 +58,7 @@ func (oa Flow) DeviceFlow() (api.AccessToken, error) {`
`54`	`58`	`return nil, fmt.Errorf("error opening the web browser: %w", err)`
`55`	`59`	`}`
`56`	`60`
`57`		`- return device.PollToken(httpClient, tokenURL(oa.Hostname), oa.ClientID, code)`
	`61`	`+ return device.PollToken(httpClient, host.TokenURL, oa.ClientID, code)`
`58`	`62`	`}`
`59`	`63`
`60`	`64`	`func waitForEnter(r io.Reader) error {`