fix oob oauth to use localhost and update elements bucket (#798)

* fix oob oauth to use localhost and update elements bucket * don't display auth code in browser window * fix var name comment
googlecodelabs · Nov 9, 2022 · 966d39d · 966d39d
1 parent 3b2249d
commit 966d39d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 10 deletions.
diff --git a/claat/fetch/drive/auth/auth.go b/claat/fetch/drive/auth/auth.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"log"
+	"net"
 	"net/http"
 	"os"
 	"path"
@@ -43,14 +44,33 @@ var (
 		ClientID:     googClient,
 		ClientSecret: googSecret,
 		Scopes:       []string{scopeDriveReadOnly},
-		RedirectURL:  "urn:ietf:wg:oauth:2.0:oob",
+		RedirectURL:  "http://localhost:8091",
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  "https://accounts.google.com/o/oauth2/auth",
 			TokenURL: "https://accounts.google.com/o/oauth2/token",
 		},
 	}
 )
 
+// The webserver waits for an oauth code in the three-legged auth flow.
+func startWebServer() (code string, err error) {
+	listener, err := net.Listen("tcp", "localhost:8091")
+	if err != nil {
+		return "", err
+	}
+	codeCh := make(chan string)
+
+	go http.Serve(listener, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		code := r.FormValue("code")
+		codeCh <- code // send code to OAuth flow
+		listener.Close()
+		w.Header().Set("Content-Type", "text/plain")
+		fmt.Fprintf(w, "Received oauth code\r\nYou can now safely close this browser window.")
+	}))
+        code = <- codeCh
+	return code, nil
+}
+
 type authorizationHandler func(conf *oauth2.Config) (*oauth2.Token, error)
 
 type internalOptions struct {
@@ -214,10 +234,10 @@ func (c *cachedTokenSource) Token() (*oauth2.Token, error) {
 
 // authorize performs user authorization flow, asking for permissions grant.
 func authorize(conf *oauth2.Config) (*oauth2.Token, error) {
-	aurl := conf.AuthCodeURL("unused", oauth2.AccessTypeOffline)
-	fmt.Printf("Authorize me at following URL, please:\n\n%s\n\nCode: ", aurl)
-	var code string
-	if _, err := fmt.Scan(&code); err != nil {
+	aURL := conf.AuthCodeURL("unused", oauth2.AccessTypeOffline)
+	fmt.Printf("Authorize me at following URL, please:\n\n%s\n", aURL)
+	code, err := startWebServer()
+	if err != nil {
 		return nil, err
 	}
 	return conf.Exchange(context.Background(), code)

diff --git a/claat/render/template.html b/claat/render/template.html
@@ -23,7 +23,7 @@
   <title>{{.Meta.Title}}</title>
   <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Source+Code+Pro:400|Roboto:400,300,400italic,500,700|Roboto+Mono">
   <link rel="stylesheet" href="//fonts.googleapis.com/icon?family=Material+Icons">
-  <link rel="stylesheet" href="{{.Prefix}}/codelab-elements/codelab-elements.css">
+  <link rel="stylesheet" href="{{.Prefix}}/claat-public/codelab-elements.css">
   <style>
     .success {
       color: #1e8e3e;
@@ -47,10 +47,10 @@
     {{end}}{{end}}
   </google-codelab>
 
-  <script src="{{.Prefix}}/codelab-elements/native-shim.js"></script>
-  <script src="{{.Prefix}}/codelab-elements/custom-elements.min.js"></script>
-  <script src="{{.Prefix}}/codelab-elements/prettify.js"></script>
-  <script src="{{.Prefix}}/codelab-elements/codelab-elements.js"></script>
+  <script src="{{.Prefix}}/claat-public/native-shim.js"></script>
+  <script src="{{.Prefix}}/claat-public/custom-elements.min.js"></script>
+  <script src="{{.Prefix}}/claat-public/prettify.js"></script>
+  <script src="{{.Prefix}}/claat-public/codelab-elements.js"></script>
   <script src="//support.google.com/inapp/api.js"></script>
 
 </body>