From a7ebc62a80933a73eae2282827e74dfaeb107820 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Wed, 27 Nov 2019 11:29:09 -0500
Subject: calculate the redirect_url for web oauth too a bit more complicated because it needs to use the configured public_address, etc
---
 README.md | 17 ++++++++++++++---
 teleterm/src/cmd/web.rs | 17 ++++++++++++++---
 teleterm/src/config.rs | 20 +++++---------------
 teleterm/src/oauth.rs | 4 ++++
 4 files changed, 37 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 4bdf079..66ed19a 100644
--- a/README.md
+++ b/README.md
@@ -169,9 +169,6 @@ need to configure separate OAuth applications for `cli` and `web` since the
 * OAuth client id. Required.
 * `client_secret`
 * OAuth client secret. Required.
-* `redirect_url`
- * OAuth client redirect url. Required if `` is `web`, and must be
- the `/oauth` path at the externally reachable domain of your web server.
 
 #### `[client]` (used by `tt stream` and `tt watch`)
 
@@ -213,6 +210,20 @@ need to configure separate OAuth applications for `cli` and `web` since the
 * Name of the TTYrec file to save to or read from.
 * Default: `teleterm.ttyrec`
 
+### OAuth
+
+`tt` expects OAuth applications to be configured with specific values for the
+`redirect_url` setting. In particular:
+
+* For `cli`, the `redirect_url` should be exactly
+ `http://localhost:44141/oauth`.
+* For `web`, the `redirect_url` should be
+ `:///oauth/`, where `` is either
+ `http` or `https` depending on whether your web server has TLS enabled,
+ `` is the `public_address` value configured in the `[web]`
+ section, and `` is the authentication method (currently only
+ `recurse_center` is supported here).
+
 ## Troubleshooting
 
 ### I'm trying to watch someone and the output is a garbled mess!
diff --git a/teleterm/src/cmd/web.rs b/teleterm/src/cmd/web.rs
index 889179b..a9dc830 100644
--- a/teleterm/src/cmd/web.rs
+++ b/teleterm/src/cmd/web.rs
@@ -38,9 +38,20 @@ impl crate::config::Config for Config {
 self.oauth_configs
 .iter()
 .filter_map(|(ty, configs)| {
- configs
- .get(&crate::protocol::AuthClient::Web)
- .map(|config| (*ty, config.clone()))
+ configs.get(&crate::protocol::AuthClient::Web).map(
+ |config| {
+ let mut config = config.clone();
+ // TODO: tls
+ let url = url::Url::parse(&format!(
+ "http://{}/oauth/{}",
+ self.web.public_address,
+ ty.name()
+ ))
+ .unwrap();
+ config.set_redirect_url(url);
+ (*ty, config)
+ },
+ )
 })
 .collect(),
 ))
diff --git a/teleterm/src/config.rs b/teleterm/src/config.rs
index 4000cb7..95d5366 100644
--- a/teleterm/src/config.rs
+++ b/teleterm/src/config.rs
@@ -913,22 +913,12 @@ where
 auth_client,
 })
 .map_err(serde::de::Error::custom)?;
+ // this is wrong for Web configs, but it gets fixed up
+ // later since we need to calculate the real value from
+ // other parts of the config
 let redirect_url =
- if auth_client == crate::protocol::AuthClient::Cli {
- url::Url::parse(crate::oauth::CLI_REDIRECT_URL)
- .unwrap()
- } else {
- config
- .redirect_url
- .context(
- crate::error::OauthMissingConfiguration {
- field: "redirect_url",
- auth_type,
- auth_client,
- },
- )
- .map_err(serde::de::Error::custom)?
- };
+ url::Url::parse(crate::oauth::CLI_REDIRECT_URL)
+ .unwrap();
 crate::oauth::RecurseCenter::config(
 &client_id,
 &client_secret,
diff --git a/teleterm/src/oauth.rs b/teleterm/src/oauth.rs
index 5283957..4e4ad72 100644
--- a/teleterm/src/oauth.rs
+++ b/teleterm/src/oauth.rs
@@ -145,6 +145,10 @@ pub struct Config {
 }
 
 impl Config {
+ pub fn set_redirect_url(&mut self, url: url::Url) {
+ self.redirect_url = url;
+ }
+
 fn into_basic_client(self) -> oauth2::basic::BasicClient {
 oauth2::basic::BasicClient::new(
 oauth2::ClientId::new(self.client_id),
-- 
cgit v1.2.3-54-g00ecf
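Review bot: In teleterm/src/cmd/web.rs the redirect URL built inside the `filter_map` closure always uses the `http://` scheme, although the README section added by this same commit says the scheme is `http` or `https` depending on whether TLS is enabled. Until the `// TODO: tls` is resolved, a TLS-enabled deployment would send a redirect URL that differs from a registered `https` one, and registering the `http` form means the authorization code comes back to the server unencrypted; a stronger marker such as `// FIXME(security): scheme is hard-coded to http and must follow the web TLS setting` would keep this from shipping unnoticed. The `.unwrap()` on `url::Url::parse` also panics if the formatted `public_address` does not yield a valid URL (whether that can happen depends on its type, which is not visible here), so validating it when the configuration is loaded and reporting a configuration error would be safer. The enclosing method starts and ends outside the hunk.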
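Review bot: In teleterm/src/config.rs every deserialized OAuth config, including the `AuthClient::Web` ones, now starts out with `CLI_REDIRECT_URL`, and correctness depends on the fix-up in cmd/web.rs running before the config is used. Any other path that builds a client from a Web config would silently use the CLI redirect URL, so the placeholder fails open; holding the value as an `Option<url::Url>` that stays `None` for Web until `set_redirect_url` is called would turn a missed fix-up into an error instead. If the deserialized struct still accepts a `redirect_url` key (not visible in this hunk), a value an operator sets is now ignored without warning, and either rejecting the key or adding `// NOTE: a configured redirect_url is no longer read` would make that explicit. The enclosing function begins and ends outside the hunk.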
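Review bot: The new `set_redirect_url` in teleterm/src/oauth.rs is `pub` and undocumented, and it lets any caller replace the redirect URL of an already constructed `Config`. A doc comment would record the constraint, for example `/// Overrides the redirect URL sent to the OAuth provider; it must match the URL registered for this application.` If nothing outside the crate needs the setter, `pub(crate) fn set_redirect_url(&mut self, url: url::Url)` narrows who can change it. The `impl Config` block continues past the end of the hunk.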