authorJesse Luehrs <doy@tozt.net>2019-11-27 11:29:09 -0500
committerJesse Luehrs <doy@tozt.net>2019-11-27 11:29:09 -0500
commita7ebc62a80933a73eae2282827e74dfaeb107820 (patch)
treeab3c9972f36926e67961eb09e23a700cba7479c2
parenta7b13be27b7398c84296ef82ba60b7a441a3fb0f (diff)
downloadteleterm-a7ebc62a80933a73eae2282827e74dfaeb107820.tar.gz
teleterm-a7ebc62a80933a73eae2282827e74dfaeb107820.zip
calculate the redirect_url for web oauth too
a bit more complicated because it needs to use the configured public_address, etc
-rw-r--r--README.md17
-rw-r--r--teleterm/src/cmd/web.rs17
-rw-r--r--teleterm/src/config.rs20
-rw-r--r--teleterm/src/oauth.rs4
4 files changed, 37 insertions, 21 deletions
diff --git a/README.md b/README.md
index 4bdf079..66ed19a 100644
--- a/README.md
+++ b/README.md
@@ -169,9 +169,6 @@ need to configure separate OAuth applications for `cli` and `web` since the
* OAuth client id. Required.
* `client_secret`
* OAuth client secret. Required.
-* `redirect_url`
- * OAuth client redirect url. Required if `<client>` is `web`, and must be
- the `/oauth` path at the externally reachable domain of your web server.
#### `[client]` (used by `tt stream` and `tt watch`)
@@ -213,6 +210,20 @@ need to configure separate OAuth applications for `cli` and `web` since the
* Name of the TTYrec file to save to or read from.
* Default: `teleterm.ttyrec`
+### OAuth
+
+`tt` expects OAuth applications to be configured with specific values for the
+`redirect_url` setting. In particular:
+
+* For `cli`, the `redirect_url` should be exactly
+ `http://localhost:44141/oauth`.
+* For `web`, the `redirect_url` should be
+ `<scheme>://<public_address>/oauth/<method>`, where `<scheme>` is either
+ `http` or `https` depending on whether your web server has TLS enabled,
+ `<public_address>` is the `public_address` value configured in the `[web]`
+ section, and `<method>` is the authentication method (currently only
+ `recurse_center` is supported here).
+
## Troubleshooting
### I'm trying to watch someone and the output is a garbled mess!
diff --git a/teleterm/src/cmd/web.rs b/teleterm/src/cmd/web.rs
index 889179b..a9dc830 100644
--- a/teleterm/src/cmd/web.rs
+++ b/teleterm/src/cmd/web.rs
@@ -38,9 +38,20 @@ impl crate::config::Config for Config {
self.oauth_configs
.iter()
.filter_map(|(ty, configs)| {
- configs
- .get(&crate::protocol::AuthClient::Web)
- .map(|config| (*ty, config.clone()))
+ configs.get(&crate::protocol::AuthClient::Web).map(
+ |config| {
+ let mut config = config.clone();
+ // TODO: tls
+ let url = url::Url::parse(&format!(
+ "http://{}/oauth/{}",
+ self.web.public_address,
+ ty.name()
+ ))
+ .unwrap();
+ config.set_redirect_url(url);
+ (*ty, config)
+ },
+ )
})
.collect(),
))
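Review bot: The `.unwrap()` on `url::Url::parse` in the new closure turns an invalid `public_address` in the `[web]` section into a panic while the server is being built, rather than a reported configuration error. Because the value is interpolated with `format!`, a `public_address` containing characters such as `/`, `@` or `?` would still parse but would change the host or path of the redirect URL, so validating it once at config load (host and optional port only) is safer than relying on this parse. The scheme is hard-coded to `http` behind `// TODO: tls`, while the README text added in this commit says it follows the server's TLS setting; until that is resolved, a TLS deployment would presumably send a redirect URL that does not match the registered `https` one. As a minimum, `.expect("web.public_address does not form a valid redirect URL")` would make the failure diagnosable. The enclosing method starts and ends outside the hunk.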
diff --git a/teleterm/src/config.rs b/teleterm/src/config.rs
index 4000cb7..95d5366 100644
--- a/teleterm/src/config.rs
+++ b/teleterm/src/config.rs
@@ -913,22 +913,12 @@ where
auth_client,
})
.map_err(serde::de::Error::custom)?;
+ // this is wrong for Web configs, but it gets fixed up
+ // later since we need to calculate the real value from
+ // other parts of the config
let redirect_url =
- if auth_client == crate::protocol::AuthClient::Cli {
- url::Url::parse(crate::oauth::CLI_REDIRECT_URL)
- .unwrap()
- } else {
- config
- .redirect_url
- .context(
- crate::error::OauthMissingConfiguration {
- field: "redirect_url",
- auth_type,
- auth_client,
- },
- )
- .map_err(serde::de::Error::custom)?
- };
+ url::Url::parse(crate::oauth::CLI_REDIRECT_URL)
+ .unwrap();
crate::oauth::RecurseCenter::config(
&client_id,
&client_secret,
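Review bot: After this change every Web OAuth config leaves deserialization carrying `CLI_REDIRECT_URL`, and nothing visible in this hunk enforces the later fix-up, so any code path that uses a Web config without first calling `set_redirect_url` would send the CLI loopback address as its redirect URL. Holding the not-yet-computed value as `Option<url::Url>` would make a missed fix-up fail loudly instead of silently using the wrong address; that would need a change to `RecurseCenter::config`, whose definition is outside the hunk. If the placeholder stays, the comment should name where the fix-up happens, e.g. `// placeholder for Web configs: cmd/web.rs overwrites it via set_redirect_url() using [web].public_address`. It also looks as if a `redirect_url` key left in an existing config file is now ignored without any warning, which is worth confirming and then rejecting or logging.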
diff --git a/teleterm/src/oauth.rs b/teleterm/src/oauth.rs
index 5283957..4e4ad72 100644
--- a/teleterm/src/oauth.rs
+++ b/teleterm/src/oauth.rs
@@ -145,6 +145,10 @@ pub struct Config {
}
impl Config {
+ pub fn set_redirect_url(&mut self, url: url::Url) {
+ self.redirect_url = url;
+ }
+
fn into_basic_client(self) -> oauth2::basic::BasicClient {
oauth2::basic::BasicClient::new(
oauth2::ClientId::new(self.client_id),