Client + API: Mark organizations expired *before* processing url

2 files changed, 7 insertions, 4 deletions

diff --git a/internal/api/api.go b/internal/api/api.go
index 16f86af..6cba35c 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -44,7 +44,7 @@ type ServerData struct {
 	// BaseAuthWK is the base well-known endpoint for authorization. This is only different in case of secure internet
 	BaseAuthWK string
 	// ProcessAuth processes the OAuth authorization
-	ProcessAuth func(string) string
+	ProcessAuth func(context.Context, string) (string, error)
 	// DisableAuthorize indicates whether or not new authorization requests should be disabled
 	DisableAuthorize bool
 	// Transport is the HTTP transport, only used for testing currently
@@ -134,7 +134,10 @@ func (a *API) authorize(ctx context.Context) (err error) {
 		return err
 	}
 	if a.Data.ProcessAuth != nil {
-		url = a.Data.ProcessAuth(url)
+		url, err = a.Data.ProcessAuth(ctx, url)
+		if err != nil {
+			return err
+		}
 	}
 	// We expect an uri if custom redirect is non empty
 	uri, err := a.cb.TriggerAuth(ctx, url, a.oauth.CustomRedirect != "")
diff --git a/internal/api/api_test.go b/internal/api/api_test.go
index 5de1d7b..397dd3c 100644
--- a/internal/api/api_test.go
+++ b/internal/api/api_test.go
@@ -196,8 +196,8 @@ func createTestAPI(t *testing.T, tok *eduoauth.Token, gt []string, hps []test.Ha
 		Type:       server.TypeCustom,
 		BaseWK:     serv.URL,
 		BaseAuthWK: serv.URL,
-		ProcessAuth: func(in string) string {
-			return in
+		ProcessAuth: func(ctx context.Context, in string) (string, error) {
+			return in, nil
 		},
 		DisableAuthorize: false,
 		Transport:        servc.Client.Transport,