Refactor callback uri hardcode
In OAuth2Service we were left with
a hardcoded callback URI, even though
hardcoded references to other URIs
have been removed everywhere else.
s2lomon authored and kokosing committed Oct 20, 2021
1 parent 2948709 commit 2663e9f
Showing 1 changed file with 13 additions and 4 deletions.
@@ -136,15 +136,24 @@ public OAuth2Service(OAuth2Client client, @ForOAuth2 SigningKeyResolver signingK

public Response startOAuth2Challenge(UriInfo uriInfo)
{
return startOAuth2Challenge(uriInfo, Optional.empty());
return startOAuth2Challenge(
uriInfo.getBaseUri().resolve(CALLBACK_ENDPOINT),
Optional.empty());
}

public Response startOAuth2Challenge(UriInfo uriInfo, String handlerState)
{
return startOAuth2Challenge(uriInfo, Optional.of(handlerState));
return startOAuth2Challenge(
uriInfo.getBaseUri().resolve(CALLBACK_ENDPOINT),
Optional.of(handlerState));
}

private Response startOAuth2Challenge(UriInfo uriInfo, Optional<String> handlerState)
public Response startOAuth2Challenge(URI callbackUri, String handlerState)
{
return startOAuth2Challenge(callbackUri, Optional.of(handlerState));
}

private Response startOAuth2Challenge(URI callbackUri, Optional<String> handlerState)
{
Instant challengeExpiration = now().plus(challengeTimeout);
String state = Jwts.builder()
@@ -166,7 +175,7 @@ private Response startOAuth2Challenge(UriInfo uriInfo, Optional<String> handlerS
Response.ResponseBuilder response = Response.seeOther(
client.getAuthorizationUri(
state,
uriInfo.getBaseUri().resolve(CALLBACK_ENDPOINT),
callbackUri,
nonce.map(OAuth2Service::hashNonce)));
nonce.ifPresent(nce -> response.cookie(NonceCookie.create(nce, challengeExpiration)));
return response.build();
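Review bot: The new public overload `startOAuth2Challenge(URI callbackUri, String handlerState)` forwards `callbackUri` to `client.getAuthorizationUri(...)` unchecked, and that value is the redirect target the authorization response is delivered to. It should carry a Javadoc stating that callers must pass an absolute URI taken from trusted configuration or the server's own base URI, never from unvalidated request input, and the private overload could open with `Objects.requireNonNull(callbackUri, "callbackUri is null");`. The callback-side code exchange is outside this section; if it still derives the redirect URI from `uriInfo`, a caller-supplied value here would presumably no longer match at the token request, so that is worth confirming. As a style point, `uriInfo.getBaseUri().resolve(CALLBACK_ENDPOINT)` is now repeated in two overloads and could move into one small private helper; the private overload's body is only partly visible here.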
