(ctx context.Context, client *codersdk.Client, cfg *oauth2.Config)
| 897 | } |
| 898 | |
| 899 | func authorizationFlow(ctx context.Context, client *codersdk.Client, cfg *oauth2.Config) (code, codeVerifier string, err error) { |
| 900 | state := uuid.NewString() |
| 901 | codeVerifier, challenge := generatePKCE() |
| 902 | authURL := cfg.AuthCodeURL(state, |
| 903 | oauth2.SetAuthURLParam("code_challenge", challenge), |
| 904 | oauth2.SetAuthURLParam("code_challenge_method", "S256"), |
| 905 | ) |
| 906 | |
| 907 | // Make a POST request to simulate clicking "Allow" on the authorization page. |
| 908 | // This bypasses the HTML consent page and directly processes the authorization. |
| 909 | code, err = oidctest.OAuth2GetCode( |
| 910 | authURL, |
| 911 | func(req *http.Request) (*http.Response, error) { |
| 912 | // Change to POST to simulate the form submission. |
| 913 | req.Method = http.MethodPost |
| 914 | |
| 915 | // Prevent automatic redirect following. |
| 916 | client.HTTPClient.CheckRedirect = func(req *http.Request, via []*http.Request) error { |
| 917 | return http.ErrUseLastResponse |
| 918 | } |
| 919 | return client.Request(ctx, req.Method, req.URL.String(), nil) |
| 920 | }, |
| 921 | ) |
| 922 | return code, codeVerifier, err |
| 923 | } |
| 924 | |
| 925 | func must[T any](value T, err error) T { |
| 926 | if err != nil { |
no test coverage detected