(req *http.Request, via []*http.Request, orgToken string)
| 405 | } |
| 406 | |
// handleRedirects decides, for each redirect hop, which Access cookies to
// attach to the outgoing request and whether to stop following redirects.
//
// req is the request about to be sent, via holds the requests already made
// (oldest first), and orgToken is the value sent in the tokenCookie cookie.
// It returns http.ErrUseLastResponse once the most recent request in via
// targeted the authorized endpoint, and nil otherwise.
//
// NOTE(review): both cookie decisions are keyed on a substring match of
// req.URL.Path only; the scheme and host of the redirect target are not
// examined in this function. Confirm that the caller pins the redirect chain
// to the expected Access hosts over HTTPS, otherwise a redirect to another
// origin with a matching path would receive the org token or the app session
// cookie.
//
// NOTE(review): no upper bound on len(via) is enforced here. If this is
// installed as http.Client.CheckRedirect, net/http's default limit of 10
// redirects no longer applies; confirm a cap exists elsewhere.
func handleRedirects(req *http.Request, via []*http.Request, orgToken string) error {
	target := req.URL.Path

	// The login endpoint receives the org token as a request cookie.
	if strings.Contains(target, AccessLoginWorkerPath) {
		req.AddCookie(&http.Cookie{Name: tokenCookie, Value: orgToken}) //nolint: gosec
	}

	// The authorized endpoint receives the app session cookie, if any earlier
	// response in the chain set one. Only the first match is forwarded.
	if strings.Contains(target, AccessAuthorizedWorkerPath) {
		for _, earlier := range via {
			if earlier == nil || earlier.Response == nil {
				continue
			}
			for _, cookie := range earlier.Response.Cookies() {
				if cookie.Name != appSessionCookie {
					continue
				}
				req.AddCookie(&http.Cookie{Name: appSessionCookie, Value: cookie.Value}) //nolint: gosec
				return nil
			}
		}
	}

	// Once the previous hop was the authorized endpoint, keep its response
	// instead of following further; per the original note it carries the app
	// token.
	if n := len(via); n > 0 {
		if strings.Contains(via[n-1].URL.Path, AccessAuthorizedWorkerPath) {
			return http.ErrUseLastResponse
		}
	}
	return nil
}
| 434 | |
| 435 | // exchangeOrgToken attaches an org token to a request to the appURL and returns an app token. This uses the Access SSO |
| 436 | // flow to automatically generate and return an app token without the login page. |