From dd61cd1f935930850986510675a2c37f0e85ef27 Mon Sep 17 00:00:00 2001
From: jwijenbergh <jeroenwijenbergh@protonmail.com>
Date: Mon, 8 Jul 2024 09:18:10 +0200
Subject: Client + API: Mark organizations expired *before* processing url

---
 internal/api/api.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'internal/api/api.go')

diff --git a/internal/api/api.go b/internal/api/api.go
index 16f86af..6cba35c 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -44,7 +44,7 @@ type ServerData struct {
 	// BaseAuthWK is the base well-known endpoint for authorization. This is only different in case of secure internet
 	BaseAuthWK string
 	// ProcessAuth processes the OAuth authorization
-	ProcessAuth func(string) string
+	ProcessAuth func(context.Context, string) (string, error)
 	// DisableAuthorize indicates whether or not new authorization requests should be disabled
 	DisableAuthorize bool
 	// Transport is the HTTP transport, only used for testing currently
@@ -134,7 +134,10 @@ func (a *API) authorize(ctx context.Context) (err error) {
 		return err
 	}
 	if a.Data.ProcessAuth != nil {
-		url = a.Data.ProcessAuth(url)
+		url, err = a.Data.ProcessAuth(ctx, url)
+		if err != nil {
+			return err
+		}
 	}
 	// We expect an uri if custom redirect is non empty
 	uri, err := a.cb.TriggerAuth(ctx, url, a.oauth.CustomRedirect != "")
-- 
cgit v1.2.3