make approval url dynamic

256dpi · Nov 25, 2019 · 40ef7e4 · 40ef7e4
1 parent 2c9f835
commit 40ef7e4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 8 deletions.
diff --git a/example/main.go b/example/main.go
@@ -129,7 +129,7 @@ func createHandler(store *coal.Store) http.Handler {
 	policy.ClientCredentialsGrant = true
 	policy.ImplicitGrant = true
 	policy.AuthorizationCodeGrant = true
-	policy.ApprovalURL = "http://0.0.0.0:4200/authorize"
+	policy.ApprovalURL = flame.StaticApprovalURL("http://0.0.0.0:4200/authorize")
 	policy.GrantStrategy = func(scope oauth2.Scope, client flame.Client, owner flame.ResourceOwner) (oauth2.Scope, error) {
 		return scope, nil
 	}

diff --git a/flame/authenticator.go b/flame/authenticator.go
@@ -308,8 +308,11 @@ func (a *Authenticator) authorizationEndpoint(env *environment) {
 
 	// check request method
 	if env.request.Method == "GET" {
-		// abort if approval URL is not configured
-		if a.policy.ApprovalURL == "" {
+		// get approval url
+		url, err := a.policy.ApprovalURL(client)
+		if err != nil {
+			stack.Abort(err)
+		} else if url == "" {
 			abort(oauth2.InvalidRequest("unsupported request method"))
 		}
 
@@ -320,7 +323,7 @@ func (a *Authenticator) authorizationEndpoint(env *environment) {
 		}
 
 		// perform redirect
-		stack.AbortIf(oauth2.WriteRedirect(env.writer, a.policy.ApprovalURL, params, false))
+		stack.AbortIf(oauth2.WriteRedirect(env.writer, url, params, false))
 
 		return
 	}

diff --git a/flame/policy.go b/flame/policy.go
@@ -41,10 +41,6 @@ type Policy struct {
 	ImplicitGrant          bool
 	AuthorizationCodeGrant bool
 
-	// The URL to the page that obtains the approval of the user in implicit and
-	// authorization code grants.
-	ApprovalURL string
-
 	// The token model.
 	Token GenericToken
 
@@ -75,6 +71,10 @@ type Policy struct {
 	// Note: ResourceOwner is not set for a client credentials grant.
 	GrantStrategy func(oauth2.Scope, Client, ResourceOwner) (oauth2.Scope, error)
 
+	// The URL to the page that obtains the approval of the user in implicit and
+	// authorization code grants.
+	ApprovalURL func(Client) (string, error)
+
 	// ApproveStrategy is invoked by the authenticator to verify the
 	// authorization approval by an authenticated resource owner in the implicit
 	// grant and authorization code grant flows. The callback should return the
@@ -105,6 +105,13 @@ func DefaultGrantStrategy(scope oauth2.Scope, _ Client, _ ResourceOwner) (oauth2
 	return scope, nil
 }
 
+// StaticApprovalURL returns a static approval URL.
+func StaticApprovalURL(url string) func(Client) (string, error) {
+	return func(Client) (string, error) {
+		return url, nil
+	}
+}
+
 // DefaultApproveStrategy rejects all approvals.
 func DefaultApproveStrategy(GenericToken, oauth2.Scope, Client, ResourceOwner) (oauth2.Scope, error) {
 	return nil, ErrApprovalRejected
@@ -132,6 +139,7 @@ func DefaultPolicy(secret string) *Policy {
 			return []ResourceOwner{&User{}}
 		},
 		GrantStrategy:             DefaultGrantStrategy,
+		ApprovalURL:               StaticApprovalURL(""),
 		ApproveStrategy:           DefaultApproveStrategy,
 		TokenData:                 DefaultTokenData,
 		AccessTokenLifespan:       time.Hour,