| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-19 17:55:53 +0200 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-19 17:55:53 +0200 |
| commit | 8fa80e56e014d9a77cfb337b2a2b641f1532ff8e (patch) | |
| tree | e7a406a0b8cb05c3b232dd828dc6a5d974ca2fcb /internal | |
| parent | 7260aa0cd70195a4679ca3c94204d9e618f947f2 (diff) | |
OAuth + Server: Fix ISS for secure internet
The wrong base URL was used. Use the one from the home server, NOT the
current location.
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/oauth/oauth.go | 8 | ||||
| -rw-r--r-- | internal/server/common.go | 15 | ||||
| -rw-r--r-- | internal/server/instituteaccess.go | 4 | ||||
| -rw-r--r-- | internal/server/secureinternet.go | 2 |
4 files changed, 9 insertions, 20 deletions
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index df29a9c..4bccdf5 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -71,6 +71,7 @@ func genVerifier() (string, error) {
 }
 
 type OAuth struct {
+	ISS string `json:"iss"`
 	Session OAuthExchangeSession `json:"-"`
 	Token OAuthToken `json:"token"`
 	BaseAuthorizationURL string `json:"base_authorization_url"`
@@ -363,7 +364,8 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 	}
 }
 
-func (oauth *OAuth) Init(baseAuthorizationURL string, tokenURL string) {
+func (oauth *OAuth) Init(iss string, baseAuthorizationURL string, tokenURL string) {
+	oauth.ISS = iss
 	oauth.BaseAuthorizationURL = baseAuthorizationURL
 	oauth.TokenURL = tokenURL
 }
@@ -378,7 +380,7 @@ func (oauth OAuth) GetListenerPort() (int, error) {
 }
 
 // Starts the OAuth exchange for eduvpn.
-func (oauth *OAuth) GetAuthURL(name string, iss string, postProcessAuth func(string) string) (string, error) {
+func (oauth *OAuth) GetAuthURL(name string, postProcessAuth func(string) string) (string, error) {
 	errorMessage := "failed starting OAuth exchange"
 
 	// Generate the verifier and challenge
@@ -395,7 +397,7 @@ func (oauth *OAuth) GetAuthURL(name string, iss string, postProcessAuth func(str
 	}
 
 	// Fill the struct with the necessary fields filled for the next call to getting the HTTP client
-	oauthSession := OAuthExchangeSession{ClientID: name, ISS: iss, State: state, Verifier: verifier}
+	oauthSession := OAuthExchangeSession{ClientID: name, ISS: oauth.ISS, State: state, Verifier: verifier}
 	oauth.Session = oauthSession
 
 	// set up the listener to get the redirect URI
diff --git a/internal/server/common.go b/internal/server/common.go
index bf6f4ca..e70bee0 100644
--- a/internal/server/common.go
+++ b/internal/server/common.go
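Review bot: Init stores `iss` with no doc comment stating what value callers must pass, and the only written-down requirement on that value — the "base URL ends with a /" remark in the GetISS function this commit deletes from common.go — disappears with it. The last hunk of this file copies the field into the exchange session, and if Callback (outside this hunk) compares it against an issuer sent by the server, a value that differs only by a trailing slash would not compare equal, so the contract is worth pinning. Suggest `// Init sets the issuer and the V3 authorization/token endpoints for this client. iss must be the server's base URL exactly as the exchange expects it (callers in this commit pass the base URL, which ends with a /).`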
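Review bot: The doc comment above the changed GetAuthURL signature still does not begin with the function name, as Go tooling expects, and it does not say that the issuer now comes from the receiver instead of a parameter, which is the whole reason the signature changed. Suggest `// GetAuthURL starts the OAuth exchange for eduvpn, using the issuer stored on the receiver by Init.` The body of GetAuthURL continues outside this hunk.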
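Review bot: `ISS: oauth.ISS` is read without checking that Init was ever called with a non-empty issuer, so an OAuth value that was not initialised through the new path — or, if the struct is persisted as its `json:"iss"` tag suggests, one restored from state written before this field existed — now silently builds a session with an empty ISS, whereas the old signature forced every caller to supply one. A guard just before the session literal, `if oauth.ISS == "" {`, returning an error built the same way as the other failures in this function (wrapping errorMessage), turns that into a visible initialisation error instead of an exchange that fails later for an unclear reason. GetAuthURL starts and ends outside this hunk.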
@@ -252,21 +252,8 @@ func ShouldRenewButton(server Server) bool {
 	return true
 }
 
-func GetISS(server Server) (string, error) {
-	base, baseErr := server.GetBase()
-	if baseErr != nil {
-		return "", types.NewWrappedError("failed getting server ISS", baseErr)
-	}
-	// We have already ensured that the base URL ends with a /
-	return base.URL, nil
-}
-
 func GetOAuthURL(server Server, name string) (string, error) {
-	iss, issErr := GetISS(server)
-	if issErr != nil {
-		return "", issErr
-	}
-	return server.GetOAuth().GetAuthURL(name, iss, server.GetTemplateAuth())
+	return server.GetOAuth().GetAuthURL(name, server.GetTemplateAuth())
 }
 
 func OAuthExchange(server Server) error {
diff --git a/internal/server/instituteaccess.go b/internal/server/instituteaccess.go
index 0f097b0..ed0211b 100644
--- a/internal/server/instituteaccess.go
+++ b/internal/server/instituteaccess.go
@@ -84,7 +84,7 @@ func (institute *InstituteAccessServer) init(
 	serverType string,
 	supportContact []string,
 ) error {
-	errorMessage := fmt.Sprintf("failed initializing institute server %s", url)
+	errorMessage := fmt.Sprintf("failed initializing server %s", url)
 	institute.Base.URL = url
 	institute.Base.DisplayName = displayName
 	institute.Base.SupportContact = supportContact
@@ -93,7 +93,7 @@ func (institute *InstituteAccessServer) init(
 	if endpointsErr != nil {
 		return types.NewWrappedError(errorMessage, endpointsErr)
 	}
-	institute.OAuth.Init(endpoints.API.V3.Authorization, endpoints.API.V3.Token)
+	institute.OAuth.Init(url, endpoints.API.V3.Authorization, endpoints.API.V3.Token)
 	institute.Base.Endpoints = *endpoints
 	return nil
 }
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 93e83cf..b3e2615 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
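Review bot: GetOAuthURL is left as an undocumented exported one-liner, and the deleted GetISS took with it the only comment that recorded where the issuer comes from and that the base URL is expected to end with a /; nothing on the new side restates either. Since the issuer is now fixed at Init time rather than derived from server.GetBase() on each call, that is exactly what a reader of this function needs to know. Suggest `// GetOAuthURL returns the URL that starts the OAuth exchange for server. The issuer used in the exchange is the one stored on the server's OAuth by Init, not derived from the current location.`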
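Review bot: In the second instituteaccess.go hunk, `institute.OAuth.Init(url, …)` passes the raw `url` parameter, while the secureinternet.go hunk in this commit passes the stored `base.URL`. The two are equal here because the earlier hunk assigns `institute.Base.URL = url` (the lines between the hunks are not visible, so I am assuming no normalisation happens there), but if Base.URL is ever normalised the institute issuer would silently diverge from the stored base URL. Passing the field keeps both server types parallel: `institute.OAuth.Init(institute.Base.URL, endpoints.API.V3.Authorization, endpoints.API.V3.Token)`. The enclosing init starts outside this hunk.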
@@ -149,7 +149,7 @@ func (secure *SecureInternetHomeServer) init(
 	}
 
 	// Make sure oauth contains our endpoints
-	secure.OAuth.Init(base.Endpoints.API.V3.Authorization, base.Endpoints.API.V3.Token)
+	secure.OAuth.Init(base.URL, base.Endpoints.API.V3.Authorization, base.Endpoints.API.V3.Token)
 	return nil
 }
 
|
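Review bot: The comment `// Make sure oauth contains our endpoints` directly above the changed line no longer describes the call, which now also pins the issuer to the home server's base URL — the point of this commit per its message — and a future reader will not learn from the code why `base.URL` and not the current location is passed. Suggest `// Make sure oauth contains our endpoints and uses the home server's base URL as the issuer (not the current location)`. The enclosing init starts outside this hunk.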
