From 3aa657599b7e908609387135f866705c9ae574ce Mon Sep 17 00:00:00 2001
From: Bethuel Mmbaga
Date: Thu, 17 Aug 2023 15:10:03 +0300
Subject: [PATCH] Switch OAuth flow initialization order (#1089)

Switches the order of initialization in the OAuth flow within the NewOAuthFlow method. Instead of initializing the Device Authorization Flow first, it now initializes the PKCE Authorization Flow first, and falls back to the Device Authorization Flow if the PKCE initialization fails.
---
 client/internal/auth/oauth.go | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/client/internal/auth/oauth.go b/client/internal/auth/oauth.go
index d7365df60..794fe0958 100644
--- a/client/internal/auth/oauth.go
+++ b/client/internal/auth/oauth.go
@@ -59,19 +59,17 @@ func (t TokenInfo) GetTokenToUse() string {
 // NewOAuthFlow initializes and returns the appropriate OAuth flow based on the management configuration.
 func NewOAuthFlow(ctx context.Context, config *internal.Config) (OAuthFlow, error) {
- log.Debug("getting device authorization flow info")
+ log.Debug("loading pkce authorization flow info")
- // Try to initialize the Device Authorization Flow
- deviceFlowInfo, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
+ pkceFlowInfo, err := internal.GetPKCEAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 if err == nil {
- return NewDeviceAuthorizationFlow(deviceFlowInfo.ProviderConfig)
+ return NewPKCEAuthorizationFlow(pkceFlowInfo.ProviderConfig)
 }
- log.Debugf("getting device authorization flow info failed with error: %v", err)
- log.Debugf("falling back to pkce authorization flow info")
+ log.Debugf("loading pkce authorization flow info failed with error: %v", err)
+ log.Debugf("falling back to device authorization flow info")
- // If Device Authorization Flow failed, try the PKCE Authorization Flow
- pkceFlowInfo, err := internal.GetPKCEAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
+ deviceFlowInfo, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 if err != nil {
 s, ok := gstatus.FromError(err)
 if ok && s.Code() == codes.NotFound {
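Review bot: The fallback after `if err == nil` runs for every error from `GetPKCEAuthorizationFlowInfo`, so a timeout or transport failure silently moves the client from the PKCE flow to the device authorization flow, and the only trace is a debug-level log line. The device-flow lookup a few lines later already inspects the gRPC status (`s.Code() == codes.NotFound`); the PKCE lookup should do the same and fall back only when the status says the server has no PKCE configuration, returning any other error to the caller. If falling back on every error is intended, a comment such as `// any PKCE lookup error selects the device flow instead; see #1089` above the second lookup would record that decision, and the two `log.Debugf` calls deserve a more visible level. The status handling that follows the second lookup continues outside this hunk.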
@@ -82,9 +80,9 @@ func NewOAuthFlow(ctx context.Context, config *internal.Config) (OAuthFlow, erro
 return nil, fmt.Errorf("the management server, %s, does not support SSO providers, "+
 "please update your server or use Setup Keys to login", config.ManagementURL)
 } else {
- return nil, fmt.Errorf("getting pkce authorization flow info failed with error: %v", err)
+ return nil, fmt.Errorf("getting device authorization flow info failed with error: %v", err)
 }
 }
- return NewPKCEAuthorizationFlow(pkceFlowInfo.ProviderConfig)
+ return NewDeviceAuthorizationFlow(deviceFlowInfo.ProviderConfig)
 }
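Review bot: The error returned from the `else` branch names only the device-flow failure and flattens it with `%v`, although by the time it runs the PKCE lookup has failed as well and that first error exists only in the debug log. Wrapping instead, `return nil, fmt.Errorf("getting device authorization flow info failed with error: %w", err)`, keeps the underlying error inspectable with `errors.As`, and holding the PKCE error in its own variable would let the message name both attempts. NewOAuthFlow begins before this hunk, so the first lookup is not visible here.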