
Adding scope field to generic OAuth

Some OAuth providers (like Mastodon) do not use the default
"read_user" scope, instead offering a custom scope. The config.ini
for generic OAuth now contains a "scope" field, allowing the admin
to set the scope manually (it defaults to "read_user" if blank).
pull/402/head
Darius Kazemi 3 years ago
parent
commit
667cbb97ed
3 changed files with 6 additions and 2 deletions
  1. +1
    -0
      config/config.go
  2. +1
    -0
      oauth.go
  3. +4
    -2
      oauth_generic.go

+ 1
- 0
config/config.go View File

@@ -108,6 +108,7 @@ type (
TokenEndpoint string `ini:"token_endpoint"`
InspectEndpoint string `ini:"inspect_endpoint"`
AuthEndpoint string `ini:"auth_endpoint"`
Scope string `ini:"scope"`
AllowDisconnect bool `ini:"allow_disconnect"`
}
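Review bot: The new `Scope` field has no comment telling the operator what format the value takes or what happens when it is blank, and the fallback itself is applied in another file. I would add above it `// Scope is the OAuth scope requested from the provider (space-separated if several); empty falls back to "read_user".` The configuration docs should also say to set the narrowest scope that still lets the inspect endpoint identify the user, since a wider scope leaves the server holding a more powerful access token than login presumably needs. The struct begins outside this hunk.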



+ 1
- 0
oauth.go View File

@@ -265,6 +265,7 @@ func configureGenericOauth(parentHandler *Handler, r *mux.Router, app *App) {
AuthLocation: app.Config().GenericOauth.Host + app.Config().GenericOauth.AuthEndpoint,
HttpClient: config.DefaultHTTPClient(),
CallbackLocation: callbackLocation,
Scope: config.OrDefaultString(app.Config().GenericOauth.Scope, "read_user"),
}
configureOauthRoutes(parentHandler, r, app, oauthClient, callbackProxy)
}
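Review bot: The fallback `"read_user"` is a bare literal at this one construction site, so the default scope for generic OAuth is not named or documented anywhere in the code shown. A named constant with a one-line comment, for example `const defaultGenericOauthScope = "read_user"`, would keep the default findable and give tests something to refer to. configureGenericOauth starts outside the hunk.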


+ 4
- 2
oauth_generic.go View File

@@ -15,6 +15,7 @@ type genericOauthClient struct {
ExchangeLocation string
InspectLocation string
CallbackLocation string
Scope string
HttpClient HttpClient
}

@@ -46,7 +47,7 @@ func (c genericOauthClient) buildLoginURL(state string) (string, error) {
q.Set("redirect_uri", c.CallbackLocation)
q.Set("response_type", "code")
q.Set("state", state)
q.Set("scope", "read_user")
q.Set("scope", c.Scope)
u.RawQuery = q.Encode()
return u.String(), nil
}
@@ -55,7 +56,7 @@ func (c genericOauthClient) exchangeOauthCode(ctx context.Context, code string)
form := url.Values{}
form.Add("grant_type", "authorization_code")
form.Add("redirect_uri", c.CallbackLocation)
form.Add("scope", "read_user")
form.Add("scope", c.Scope)
form.Add("code", code)
req, err := http.NewRequest("POST", c.ExchangeLocation, strings.NewReader(form.Encode()))
if err != nil {
@@ -110,5 +111,6 @@ func (c genericOauthClient) inspectOauthAccessToken(ctx context.Context, accessT
if inspectResponse.Error != "" {
return nil, errors.New(inspectResponse.Error)
}

return &inspectResponse, nil
}
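Review bot: `c.Scope` is sent verbatim in buildLoginURL and exchangeOauthCode, but the `read_user` fallback is applied only where configureGenericOauth builds the client, so a genericOauthClient constructed anywhere else (a test, for instance; none is visible here) sends an empty `scope=` parameter. Guarding both call sites, `if c.Scope != "" { q.Set("scope", c.Scope) }` and the same around `form.Add`, leaves the parameter out and lets the provider apply its own default. The token request for an authorization-code grant does not define a `scope` parameter in RFC 6749 §4.1.3, so a short comment on why exchangeOauthCode sends it would help the next reader. The blank line added before `return &inspectResponse, nil` is unrelated to the change. All three functions start or end outside their hunks.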
