Refactor #944 (#951)

2026-02-14 16:39:51 +00:00 · 2023-06-24 15:26:39 +09:00
parent 069ff68d99
commit 622dc5ba0b
4 changed files with 44 additions and 27 deletions
--- a/pkg/cmd/authentication.go
+++ b/pkg/cmd/authentication.go
@@ -12,21 +12,23 @@ import (
 	"github.com/spf13/pflag"
 )

+const oobRedirectURI = "urn:ietf:wg:oauth:2.0:oob"
+
 type authenticationOptions struct {
-	GrantType                  string
-	ListenAddress              []string
-	ListenPort                 []int // deprecated
-	AuthenticationTimeoutSec   int
-	SkipOpenBrowser            bool
-	BrowserCommand             string
-	LocalServerCertFile        string
-	LocalServerKeyFile         string
-	OpenURLAfterAuthentication string
-	RedirectURLHostname        string
-	AuthRequestExtraParams     map[string]string
-	CodeRedirectURL            string
-	Username                   string
-	Password                   string
+	GrantType                   string
+	ListenAddress               []string
+	ListenPort                  []int // deprecated
+	AuthenticationTimeoutSec    int
+	SkipOpenBrowser             bool
+	BrowserCommand              string
+	LocalServerCertFile         string
+	LocalServerKeyFile          string
+	OpenURLAfterAuthentication  string
+	RedirectURLHostname         string
+	RedirectURLAuthCodeKeyboard string
+	AuthRequestExtraParams      map[string]string
+	Username                    string
+	Password                    string
 }

 // determineListenAddress returns the addresses from the flags.
@@ -67,8 +69,8 @@ func (o *authenticationOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.LocalServerKeyFile, "local-server-key", "", "[authcode] Certificate key path for the local server")
 	f.StringVar(&o.OpenURLAfterAuthentication, "open-url-after-authentication", "", "[authcode] If set, open the URL in the browser after authentication")
 	f.StringVar(&o.RedirectURLHostname, "oidc-redirect-url-hostname", "localhost", "[authcode] Hostname of the redirect URL")
+	f.StringVar(&o.RedirectURLAuthCodeKeyboard, "oidc-redirect-url-authcode-keyboard", oobRedirectURI, "[authcode-keyboard] Redirect URL")
 	f.StringToStringVar(&o.AuthRequestExtraParams, "oidc-auth-request-extra-params", nil, "[authcode, authcode-keyboard] Extra query parameters to send with an authentication request")
-	f.StringVar(&o.CodeRedirectURL, "code-redirect-url", "", "[authcode-keybaord] URL to send the code to")
 	f.StringVar(&o.Username, "username", "", "[password] Username for resource owner password credentials grant")
 	f.StringVar(&o.Password, "password", "", "[password] Password for resource owner password credentials grant")
 }
@@ -95,7 +97,7 @@ func (o *authenticationOptions) grantOptionSet() (s authentication.GrantOptionSe
 	case o.GrantType == "authcode-keyboard":
 		s.AuthCodeKeyboardOption = &authcode.KeyboardOption{
 			AuthRequestExtraParams: o.AuthRequestExtraParams,
-			CodeRedirectURL:        o.CodeRedirectURL,
+			RedirectURL:            o.RedirectURLAuthCodeKeyboard,
 		}
 	case o.GrantType == "password" || (o.GrantType == "auto" && o.Username != ""):
 		s.ROPCOption = &ropc.Option{
--- a/pkg/cmd/authentication_test.go
+++ b/pkg/cmd/authentication_test.go
@@ -89,7 +89,20 @@ func Test_authenticationOptions_grantOptionSet(t *testing.T) {
 				"--grant-type", "authcode-keyboard",
 			},
 			want: authentication.GrantOptionSet{
-				AuthCodeKeyboardOption: &authcode.KeyboardOption{},
+				AuthCodeKeyboardOption: &authcode.KeyboardOption{
+					RedirectURL: oobRedirectURI,
+				},
+			},
+		},
+		"GrantType=authcode-keyboard with full options": {
+			args: []string{
+				"--grant-type", "authcode-keyboard",
+				"--oidc-redirect-url-authcode-keyboard", "http://localhost",
+			},
+			want: authentication.GrantOptionSet{
+				AuthCodeKeyboardOption: &authcode.KeyboardOption{
+					RedirectURL: "http://localhost",
+				},
 			},
 		},
 		"GrantType=password": {
--- a/pkg/usecases/authentication/authcode/keyboard.go
+++ b/pkg/usecases/authentication/authcode/keyboard.go
@@ -12,11 +12,10 @@ import (
 )

 const keyboardPrompt = "Enter code: "
-const oobRedirectURI = "urn:ietf:wg:oauth:2.0:oob"

 type KeyboardOption struct {
 	AuthRequestExtraParams map[string]string
-	CodeRedirectURL        string
+	RedirectURL            string
 }

 // Keyboard provides the authorization code flow with keyboard interactive.
@@ -39,16 +38,12 @@ func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, oidcClient client.
 	if err != nil {
 		return nil, fmt.Errorf("could not generate PKCE parameters: %w", err)
 	}
-	redirectUri := oobRedirectURI
-	if o.CodeRedirectURL != "" {
-		redirectUri = o.CodeRedirectURL
-	}

 	authCodeURL := oidcClient.GetAuthCodeURL(client.AuthCodeURLInput{
 		State:                  state,
 		Nonce:                  nonce,
 		PKCEParams:             p,
-		RedirectURI:            redirectUri,
+		RedirectURI:            o.RedirectURL,
 		AuthRequestExtraParams: o.AuthRequestExtraParams,
 	})
 	u.Logger.Printf("Please visit the following URL in your browser: %s", authCodeURL)
@@ -62,7 +57,7 @@ func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, oidcClient client.
 		Code:        code,
 		PKCEParams:  p,
 		Nonce:       nonce,
-		RedirectURI: redirectUri,
+		RedirectURI: o.RedirectURL,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("could not exchange the authorization code: %w", err)