Respect oauth2.Config.RedirectURL if set (#263)

Author: int128

oauth2cli.go

@@ -50,22 +50,23 @@ const DefaultLocalServerSuccessHTML = `
 // Config represents a config for GetToken.
 type Config struct {
 	// OAuth2 config.
-	// RedirectURL will be automatically set to the local server.
+	// If the RedirectURL field is not set, default to http://localhost with the allocated port and LocalServerCallbackPath.
+	// If the RedirectURL field is set, make sure it matches the LocalServerBindAddress and LocalServerCallbackPath.
 	OAuth2Config oauth2.Config
 
 	// Options for an authorization request.
 	// You can set oauth2.AccessTypeOffline or oauth2.S256ChallengeOption.
 	AuthCodeOptions []oauth2.AuthCodeOption
+
 	// Options for a token request.
 	// You can set oauth2.VerifierOption.
 	TokenRequestOptions []oauth2.AuthCodeOption
+
 	// State parameter in the authorization request.
 	// Default to a string of random 32 bytes.
 	State string
 
-	// Hostname of the redirect URL.
-	// You can set this if your provider does not accept localhost.
-	// Default to localhost.
+	// DEPRECATED: Set OAuth2Config.RedirectURL instead.
 	RedirectURLHostname string
 
 	// Candidates of hostname and port which the local server binds to.
@@ -79,24 +80,31 @@ type Config struct {
 	// certificates. It's recommended that the public key's SANs contain
 	// the loopback addresses - 'localhost', '127.0.0.1' and '::1'
 	LocalServerCertFile string
+
 	// A PEM-encoded private key for the certificate.
 	// This is required when LocalServerCertFile is set.
 	LocalServerKeyFile string
 
 	// Callback path of the local server.
-	// If your provider requires a specific path of the redirect URL, set it here.
+	// If your provider requires a specific path of the redirect URL, set this field.
+	// Default to none.
 	LocalServerCallbackPath string
 
 	// Response HTML body on authorization completed.
 	// Default to DefaultLocalServerSuccessHTML.
 	LocalServerSuccessHTML string
-	// Middleware for the local server. Default to none.
+
+	// Middleware for the local server.
+	// Default to none.
 	LocalServerMiddleware func(h http.Handler) http.Handler
-	// A channel to send its URL when the local server is ready. Default to none.
+
+	// A channel to send the local server URL when it is ready.
+	// Default to none.
 	LocalServerReadyChan chan<- string
 
 	// Redirect URL upon successful login
 	SuccessRedirectURL string
+
 	// Redirect URL upon failed login
 	FailureRedirectURL string
 
@@ -113,9 +121,6 @@ func (cfg *Config) validateAndSetDefaults() error {
 		(cfg.LocalServerCertFile == "" && cfg.LocalServerKeyFile != "") {
 		return fmt.Errorf("both LocalServerCertFile and LocalServerKeyFile must be set")
 	}
-	if cfg.RedirectURLHostname == "" {
-		cfg.RedirectURLHostname = "localhost"
-	}
 	if cfg.State == "" {
 		state, err := oauth2params.NewState()
 		if err != nil {

server.go

@@ -21,17 +21,29 @@ func receiveCodeViaLocalServer(ctx context.Context, cfg *Config) (string, error)
 	}
 	defer localServerListener.Close()
 
-	localServerPort := localServerListener.Addr().(*net.TCPAddr).Port
-	localServerURL := constructLocalServerURL(cfg, localServerPort)
-	localServerIndexURL, err := localServerURL.Parse("/")
+	if cfg.OAuth2Config.RedirectURL == "" {
+		var localServerURL url.URL
+		localServerHostname := "localhost"
+		if cfg.RedirectURLHostname != "" {
+			localServerHostname = cfg.RedirectURLHostname
+		}
+		localServerURL.Host = fmt.Sprintf("%s:%d", localServerHostname, localServerListener.Addr().(*net.TCPAddr).Port)
+		localServerURL.Scheme = "http"
+		if cfg.isLocalServerHTTPS() {
+			localServerURL.Scheme = "https"
+		}
+		localServerURL.Path = cfg.LocalServerCallbackPath
+		cfg.OAuth2Config.RedirectURL = localServerURL.String()
+	}
+
+	oauth2RedirectURL, err := url.Parse(cfg.OAuth2Config.RedirectURL)
 	if err != nil {
-		return "", fmt.Errorf("construct the index URL: %w", err)
+		return "", fmt.Errorf("invalid OAuth2Config.RedirectURL: %w", err)
 	}
-	localServerCallbackURL, err := localServerURL.Parse(cfg.LocalServerCallbackPath)
+	localServerIndexURL, err := oauth2RedirectURL.Parse("/")
 	if err != nil {
-		return "", fmt.Errorf("construct the callback URL: %w", err)
+		return "", fmt.Errorf("construct the index URL: %w", err)
 	}
-	cfg.OAuth2Config.RedirectURL = localServerCallbackURL.String()
 
 	respCh := make(chan *authorizationResponse)
 	server := http.Server{
@@ -108,16 +120,6 @@ func receiveCodeViaLocalServer(ctx context.Context, cfg *Config) (string, error)
 	return resp.code, resp.err
 }
 
-func constructLocalServerURL(cfg *Config, port int) url.URL {
-	var localServer url.URL
-	localServer.Host = fmt.Sprintf("%s:%d", cfg.RedirectURLHostname, port)
-	localServer.Scheme = "http"
-	if cfg.isLocalServerHTTPS() {
-		localServer.Scheme = "https"
-	}
-	return localServer
-}
-
 type authorizationResponse struct {
 	code string // non-empty if a valid code is received
 	err  error  // non-nil if an error is received or any error occurs