Authorization code grant uses redirectURL

[#167576651] Signed-off-by: Andrew Edstrom <[email protected]> Co-authored-by: Andrew Edstrom <[email protected]>
cloudfoundry · Aug 27, 2019 · bcfca1f · bcfca1f
1 parent b2b1dd4
commit bcfca1f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/api.go b/api.go
@@ -19,6 +19,7 @@ type API struct {
 	AuthenticatedClient       *http.Client
 	UnauthenticatedClient     *http.Client
 	TargetURL                 *url.URL
+	redirectURL               *url.URL
 	skipSSLValidation         bool
 	Verbose                   bool
 	ZoneID                    string
@@ -304,21 +305,22 @@ func (a *API) Token(ctx context.Context) (*oauth2.Token, error) {
 
 // NewWithAuthorizationCode builds an API that uses the authorization code
 // grant to get a token for use with the UAA API.
-func NewWithAuthorizationCode(target string, zoneID string, clientID string, clientSecret string, authorizationCode string, tokenFormat TokenFormat, skipSSLValidation bool) (*API, error) {
-	a := New(target, zoneID).WithSkipSSLValidation(skipSSLValidation).WithAuthorizationCode(clientID, clientSecret, authorizationCode, tokenFormat)
+func NewWithAuthorizationCode(target string, zoneID string, clientID string, clientSecret string, authorizationCode string, tokenFormat TokenFormat, skipSSLValidation bool, redirectURL *url.URL) (*API, error) {
+	a := New(target, zoneID).WithSkipSSLValidation(skipSSLValidation).WithAuthorizationCode(clientID, clientSecret, authorizationCode, tokenFormat, redirectURL)
 	err := a.Validate()
 	if err != nil {
 		return nil, err
 	}
 	return a, err
 }
 
-func (a *API) WithAuthorizationCode(clientID string, clientSecret string, authorizationCode string, tokenFormat TokenFormat) *API {
+func (a *API) WithAuthorizationCode(clientID string, clientSecret string, authorizationCode string, tokenFormat TokenFormat, redirectURL *url.URL) *API {
 	a.mode = authorizationcode
 	a.clientID = clientID
 	a.clientSecret = clientSecret
 	a.authorizationCode = authorizationCode
 	a.tokenFormat = tokenFormat
+	a.redirectURL = redirectURL
 	_ = a.Validate()
 	return a
 }
@@ -336,6 +338,7 @@ func (a *API) validateAuthorizationCode() error {
 			TokenURL:  tokenURL.String(),
 			AuthStyle: oauth2.AuthStyleInHeader,
 		},
+		RedirectURL: a.redirectURL.String(),
 	}
 	a.oauthConfig = c
 	if a.UnauthenticatedClient == nil {

diff --git a/api_test.go b/api_test.go
@@ -5,11 +5,12 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"reflect"
 	"testing"
 	"time"
 
-	uaa "github.com/cloudfoundry-community/go-uaa"
+	"github.com/cloudfoundry-community/go-uaa"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/ghttp"
 	"github.com/sclevine/spec"
@@ -218,6 +219,7 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 
 	when("NewWithAuthorizationCode", func() {
 		var s *ghttp.Server
+		redirectUrl, _ := url.ParseRequestURI("https://example.net")
 
 		stubTokenRequest := func(clientId string, clientSecret string, authCode string, tokenFormat uaa.TokenFormat, response http.HandlerFunc) {
 			s.AppendHandlers(ghttp.CombineHandlers(
@@ -267,14 +269,14 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 			})
 
 			it("returns an API with a TargetURL", func() {
-				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false)
+				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false, redirectUrl)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(api).NotTo(BeNil())
 				Expect(api.TargetURL.String()).To(Equal(s.URL()))
 			})
 
 			it("returns an API with an HTTPClient", func() {
-				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false)
+				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false, redirectUrl)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(api).NotTo(BeNil())
 				Expect(api.AuthenticatedClient).NotTo(BeNil())
@@ -283,7 +285,7 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 
 		when("invalid target url", func() {
 			it("returns an error", func() {
-				api, err := uaa.NewWithAuthorizationCode("(*#&^@%$&%)", "client-id", "client-secret", "auth-code", "", uaa.OpaqueToken, false)
+				api, err := uaa.NewWithAuthorizationCode("(*#&^@%$&%)", "client-id", "client-secret", "auth-code", "", uaa.OpaqueToken, false, redirectUrl)
 				Expect(err).To(HaveOccurred())
 				Expect(api).To(BeNil())
 			})
@@ -300,7 +302,7 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 			})
 
 			it("returns an error", func() {
-				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "", uaa.JSONWebToken, false)
+				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "", uaa.JSONWebToken, false, redirectUrl)
 				Expect(err).To(HaveOccurred())
 				Expect(api).To(BeNil())
 			})
@@ -317,7 +319,7 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 			})
 
 			it("returns an error", func() {
-				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false)
+				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false, redirectUrl)
 				Expect(err).To(HaveOccurred())
 				Expect(api).To(BeNil())
 			})
@@ -336,7 +338,7 @@ func testNew(t *testing.T, when spec.G, it spec.S) {
 			})
 
 			it("Token() will set the UnauthenticatedClient to the default", func() {
-				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false)
+				api, err := uaa.NewWithAuthorizationCode(s.URL(), "", "client-id", "client-secret", "auth-code", uaa.OpaqueToken, false, redirectUrl)
 				Expect(err).To(BeNil())
 				Expect(api).NotTo(BeNil())
 				api.UnauthenticatedClient = nil