MCPcopy
hub / github.com/oauth2-proxy/oauth2-proxy / doOAuthStart

Method doOAuthStart

oauthproxy.go:825–881  ·  view source on GitHub ↗
(rw http.ResponseWriter, req *http.Request, overrides url.Values)

Source from the content-addressed store, hash-verified

823}
824
825func (p *OAuthProxy) doOAuthStart(rw http.ResponseWriter, req *http.Request, overrides url.Values) {
826 extraParams := p.provider.Data().LoginURLParams(overrides)
827 prepareNoCache(rw)
828
829 var (
830 err error
831 codeChallenge, codeVerifier, codeChallengeMethod string
832 )
833 if p.provider.Data().CodeChallengeMethod != "" {
834 codeChallengeMethod = p.provider.Data().CodeChallengeMethod
835 codeVerifier, err = encryption.GenerateCodeVerifierString(96)
836 if err != nil {
837 logger.Errorf("Unable to build random ASCII string for code verifier: %v", err)
838 p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
839 return
840 }
841
842 codeChallenge, err = encryption.GenerateCodeChallenge(p.provider.Data().CodeChallengeMethod, codeVerifier)
843 if err != nil {
844 logger.Errorf("Error creating code challenge: %v", err)
845 p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
846 return
847 }
848
849 extraParams.Add("code_challenge", codeChallenge)
850 extraParams.Add("code_challenge_method", codeChallengeMethod)
851 }
852
853 csrf, err := cookies.NewCSRF(p.CookieOptions, codeVerifier)
854 if err != nil {
855 logger.Errorf("Error creating CSRF nonce: %v", err)
856 p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
857 return
858 }
859
860 appRedirect, err := p.appDirector.GetRedirect(req)
861 if err != nil {
862 logger.Errorf("Error obtaining application redirect: %v", err)
863 p.ErrorPage(rw, req, http.StatusBadRequest, err.Error())
864 return
865 }
866
867 callbackRedirect := p.getOAuthRedirectURI(req)
868 loginURL := p.provider.GetLoginURL(
869 callbackRedirect,
870 encodeState(csrf.HashOAuthState(), appRedirect, p.encodeState),
871 csrf.HashOIDCNonce(),
872 extraParams,
873 )
874 cookies.ClearExtraCsrfCookies(p.CookieOptions, rw, req)
875 if _, err := csrf.SetCookie(rw, req); err != nil {
876 logger.Errorf("Error setting CSRF cookie: %v", err)
877 p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
878 return
879 }
880 http.Redirect(rw, req, loginURL, http.StatusFound)
881}
882

Callers 2

OAuthStartMethod · 0.95
ProxyMethod · 0.95

Calls 15

ErrorPageMethod · 0.95
getOAuthRedirectURIMethod · 0.95
HashOAuthStateMethod · 0.95
HashOIDCNonceMethod · 0.95
SetCookieMethod · 0.95
ErrorfFunction · 0.92
GenerateCodeChallengeFunction · 0.92
NewCSRFFunction · 0.92
ClearExtraCsrfCookiesFunction · 0.92
prepareNoCacheFunction · 0.85
encodeStateFunction · 0.85

Tested by

no test coverage detected