API: Update to latest eduoauth-go for better fetching of well-known

3 files changed, 23 insertions, 35 deletions

diff --git a/go.mod b/go.mod
index 742e464..555387c 100644
--- a/go.mod
+++ b/go.mod
@@ -3,9 +3,9 @@ module github.com/eduvpn/eduvpn-common
 go 1.18
 
 require (
-	codeberg.org/eduVPN/proxyguard v0.0.0-20240227141358-a9550f2beb55
+	codeberg.org/eduVPN/proxyguard v0.0.0-20240227170952-f81a10eebf39
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
-	github.com/jwijenbergh/eduoauth-go v0.0.0-20240212102633-770ef228bd93
+	github.com/jwijenbergh/eduoauth-go v0.0.0-20240228154608-9a9ea667cfea
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	golang.org/x/text v0.14.0
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
diff --git a/go.sum b/go.sum
index 4aa1301..8fd8236 100644
--- a/go.sum
+++ b/go.sum
@@ -6,11 +6,15 @@ codeberg.org/eduVPN/proxyguard v0.0.0-20240223093313-0b7963ba28b9 h1:rxCDQzVDiZX
 codeberg.org/eduVPN/proxyguard v0.0.0-20240223093313-0b7963ba28b9/go.mod h1:fc7DsdgdLmrO7DN45HNp+ekVewlRcikSOkAvUeGUvWk=
 codeberg.org/eduVPN/proxyguard v0.0.0-20240227141358-a9550f2beb55 h1:1tRF8Oqqiwc49P5oQBWgh+dsXtrtbaR3om64RdxaeGc=
 codeberg.org/eduVPN/proxyguard v0.0.0-20240227141358-a9550f2beb55/go.mod h1:fc7DsdgdLmrO7DN45HNp+ekVewlRcikSOkAvUeGUvWk=
+codeberg.org/eduVPN/proxyguard v0.0.0-20240227170952-f81a10eebf39 h1:+yJDFkj7MZ/ogFPcwGObwGGlFIx0z9GOH1icfhvAXQM=
+codeberg.org/eduVPN/proxyguard v0.0.0-20240227170952-f81a10eebf39/go.mod h1:fc7DsdgdLmrO7DN45HNp+ekVewlRcikSOkAvUeGUvWk=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E=
 github.com/jwijenbergh/eduoauth-go v0.0.0-20240212102633-770ef228bd93 h1:exaMeJMSv4RCyjM/AKqcP9cdxzGsGrzd2XSLSUjOsrk=
 github.com/jwijenbergh/eduoauth-go v0.0.0-20240212102633-770ef228bd93/go.mod h1:HidfCfBBI7U0edu2f0tNM/4/kkm4pD+nrp6IlANo214=
+github.com/jwijenbergh/eduoauth-go v0.0.0-20240228154608-9a9ea667cfea h1:M9ieMlwjbXoDqgv62G3rF7dHxJJcXpfg9M2LYA5dr6E=
+github.com/jwijenbergh/eduoauth-go v0.0.0-20240228154608-9a9ea667cfea/go.mod h1:HidfCfBBI7U0edu2f0tNM/4/kkm4pD+nrp6IlANo214=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
diff --git a/internal/api/api.go b/internal/api/api.go
index d611896..f7b8329 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -64,17 +64,20 @@ type API struct {
 
 // NewAPI creates a new API object by creating an OAuth object
 func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, tokens *eduoauth.Token) (*API, error) {
-	ep, epauth, err := refreshEndpoints(ctx, sd)
-	if err != nil {
-		return nil, err
-	}
-
 	cr := customRedirect(clientID)
 	// Construct OAuth
 	o := eduoauth.OAuth{
 		ClientID:             clientID,
-		BaseAuthorizationURL: epauth.Authorization,
-		TokenURL:             epauth.Token,
+		EndpointFunc: func(ctx context.Context) (*eduoauth.EndpointResponse, error) {
+			ep, err := getEndpoints(ctx, sd.BaseAuthWK)
+			if err != nil {
+				return nil, err
+			}
+			return &eduoauth.EndpointResponse{
+				AuthorizationURL: ep.API.V3.Authorization,
+				TokenURL: ep.API.V3.Token,
+			}, nil
+		},
 		CustomRedirect:       cr,
 		RedirectPath:         "/callback",
 		TokensUpdated: func(tok eduoauth.Token) {
@@ -89,10 +92,9 @@ func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, t
 	api := &API{
 		cb:     cb,
 		oauth:  &o,
-		apiURL: ep.API,
 		Data:   sd,
 	}
-	err = api.authorize(ctx)
+	err := api.authorize(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -120,7 +122,7 @@ func (a *API) authorize(ctx context.Context) (err error) {
 	}()
 
 	scope := "config"
-	url, err := a.oauth.AuthURL(scope)
+	url, err := a.oauth.AuthURL(ctx, scope)
 	if err != nil {
 		return err
 	}
@@ -141,7 +143,11 @@ func (a *API) authorize(ctx context.Context) (err error) {
 }
 
 func (a *API) authorized(ctx context.Context, method string, endpoint string, opts *httpw.OptionalParams) (http.Header, []byte, error) {
-	u := a.apiURL + endpoint
+	ep, err := getEndpoints(ctx, a.Data.BaseWK)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := ep.API.V3.API + endpoint
 
 	// TODO: Cache HTTP client?
 	httpC := httpw.NewClient(a.oauth.NewHTTPClient())
@@ -335,28 +341,6 @@ func getEndpoints(ctx context.Context, url string) (*endpoints.Endpoints, error)
 	return &ep, nil
 }
 
-func refreshEndpoints(ctx context.Context, sd ServerData) (*endpoints.List, *endpoints.List, error) {
-	// Get the endpoints
-	ep, err := getEndpoints(ctx, sd.BaseWK)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// This is a mess but we essentially have to instantiate different endpoints if the authorization base URL is different from the base portal URL
-	// This happens with secure internet when the location is not equal to the home location
-	var epauth *endpoints.Endpoints
-	if sd.BaseAuthWK != sd.BaseWK {
-		oep, err := getEndpoints(ctx, sd.BaseAuthWK)
-		if err != nil {
-			return nil, nil, err
-		}
-		epauth = oep
-	} else {
-		epauth = ep
-	}
-	return &ep.API.V3, &epauth.API.V3, err
-}
-
 // OAuthLogger is defined here to update the internal logger
 // for the eduoauth library
 type OAuthLogger struct{}