From 27a39dee821f49a0920a05d8cf2891367ced3656 Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 18 Mar 2025 14:47:06 -0600 Subject: refactor: allow overriding the default authorize uri query params --- bin/ui | 55 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 18 deletions(-) (limited to 'bin/ui') diff --git a/bin/ui b/bin/ui index ff5de212..3e6ea931 100755 --- a/bin/ui +++ b/bin/ui @@ -40,9 +40,10 @@ end module OAuth class Client - attr_reader :client_id, :client_secret, :http + attr_reader :client_id, :client_secret, :http, :authz_host - def initialize(client_id, client_secret) + def initialize(authz_host, client_id, client_secret) + @authz_host = authz_host @client_id = client_id @client_secret = client_secret @http = Net::Hippie::Client.new(headers: ::Net::Hippie::Client::DEFAULT_HEADERS.merge({ @@ -54,12 +55,40 @@ module OAuth server_metadata.fetch(key) end - def redirect_uri - "#{$scheme}://#{$host}/oauth/callback" + def authorize_uri(state: SecureRandom.uuid, response_type: "code", response_mode: "query", scope: "openid") + [ + self[:authorization_endpoint], + to_query( + client_id: client_id, + state: state, + redirect_uri: redirect_uri, + response_mode: response_mode, + response_type: response_type, + scope: scope, + ) + ].join("?") + end + + def exchange(grant_type:, code:) + with_http do |client| + client.post(self[:token_endpoint], body: { + grant_type: grant_type, + code: code, + code_verifier: "not_implemented" + }) + end end - def authorize_uri(state: SecureRandom.uuid, response_mode: "query", scope: "openid") - "#{self[:authorization_endpoint]}?client_id=#{client_id}&state=#{state}&redirect_uri=#{redirect_uri}&response_type=code&response_mode=#{response_mode}&scope=#{scope}" + private + + def to_query(params = {}) + params.map do |(key, value)| + [key, value].join("=") + end.join("&") + end + + def redirect_uri + "#{$scheme}://#{$host}/oauth/callback" end def with_http 
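Review bot: `initialize(authz_host, client_id, client_secret)` prepends the new host as a positional argument, so a caller that is not updated still constructs fine but silently uses its client_id as the authorization-server host; a keyword form, `def initialize(client_id, client_secret, authz_host:)`, keeps the existing positional contract and turns the mismatch into an ArgumentError. The value is stored unchecked even though `server_metadata` (later in this patch) interpolates it straight into a URL, so rejecting a host that already carries a scheme or path, e.g. `raise ArgumentError, "authz_host must be a bare host[:port]" if authz_host.to_s.include?("/")`, would fail fast at construction. The body of `initialize` continues outside the hunk.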
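Review bot: `to_query` joins `key=value` pairs without percent-encoding, so `redirect_uri` (which contains `://` and `/`) and any overridden `scope` with a space, e.g. `"openid profile"`, produce a malformed or ambiguous authorize URL; the helper body should be `URI.encode_www_form(params)` (add `require "uri"` if it is not already loaded), which also encodes a caller-supplied `state`. The old interpolated string had the same defect, but this commit introduces the helper where the fix belongs. `state` defaults to a fresh `SecureRandom.uuid` yet nothing in this hunk records it, so unless the caller stores it in the session and compares it on the callback (not visible here) the parameter provides no CSRF protection — a method comment such as `# Callers must persist `state` and verify it on the callback` would make that contract explicit. `exchange` still posts the literal `code_verifier: "not_implemented"` while `authorize_uri` sends no `code_challenge`; either complete PKCE or drop the placeholder so the token endpoint is not handed a bogus verifier.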
@@ -71,20 +100,10 @@ module OAuth def server_metadata @server_metadata ||= with_http do |client| - response = client.get("http://#{$idp_host}/.well-known/openid-configuration") + response = client.get("http://#{authz_host}/.well-known/oauth-authorization-server") JSON.parse(response.body, symbolize_names: true) end end - - def exchange(grant_type:, code:) - with_http do |client| - client.post(self[:token_endpoint], body: { - grant_type: grant_type, - code: code, - code_verifier: "not_implemented" - }) - end - end end end @@ -216,7 +235,7 @@ if __FILE__ == $0 use Rack::Reloader use Rack::Session::Cookie, { domain: $host.split(":", 2)[0], path: "/", secret: SecureRandom.hex(64) } - run UI.new(::OAuth::Client.new('client_id', 'client_secret')) + run UI.new(::OAuth::Client.new($idp_host, 'client_id', 'client_secret')) end.to_app Rackup::Server.start(app: app, Port: $port) -- cgit v1.2.3
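Review bot: `server_metadata` fetches the authorization-server metadata over hard-coded `http://`, and the `authorization_endpoint` and `token_endpoint` it returns drive every later redirect and credentialed token exchange, so anyone able to tamper with that cleartext response can steer the browser and the client credentials to an endpoint of their choosing; the scheme should be `https://` or at least configurable, e.g. `client.get("https://#{authz_host}/.well-known/oauth-authorization-server")`. The result is memoized with `||=` before any status check, so if `Net::Hippie` does not raise on non-2xx responses (not visible here) an error body is handed to `JSON.parse` and either raises or is cached for the process lifetime — check the response status before parsing. A one-line comment that `oauth-authorization-server` is the RFC 8414 metadata document, distinct from the former `openid-configuration`, would help readers of the new path.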