From 3d9ba5df85e0d0c4d8002365987e536b37678104 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Wed, 20 Mar 2024 10:58:55 +0100 Subject: [PATCH] feat: use authenticate endpoint for x (#3833) Improves the "Log in with X" experience by not asking the user to re-authenticate every time. --- internal/client-go/go.sum | 1 + selfservice/strategy/oidc/provider_x.go | 15 +++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/internal/client-go/go.sum b/internal/client-go/go.sum index c966c8ddfd0d..6cc3f5911d11 100644 --- a/internal/client-go/go.sum +++ b/internal/client-go/go.sum @@ -4,6 +4,7 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/selfservice/strategy/oidc/provider_x.go b/selfservice/strategy/oidc/provider_x.go index 060ba58a6303..f58dbd48182f 100644 --- a/selfservice/strategy/oidc/provider_x.go +++ b/selfservice/strategy/oidc/provider_x.go @@ -9,6 +9,8 @@ import ( "fmt" "net/http" + "github.com/ory/x/otelx" + "github.com/dghubble/oauth1" "github.com/dghubble/oauth1/twitter" "github.com/pkg/errors" 
@@ -54,7 +56,10 @@ func (p *ProviderX) ExchangeToken(ctx context.Context, req *http.Request) (*oaut return oauth1.NewToken(accessToken, accessSecret), nil } -func (p *ProviderX) AuthURL(ctx context.Context, state string) (string, error) { +func (p *ProviderX) AuthURL(ctx context.Context, state string) (_ string, err error) { + ctx, span := p.reg.Tracer(ctx).Tracer().Start(ctx, "selfservice.strategy.oidc.ProviderLinkedIn.fetch") + defer otelx.End(span, &err) + c := p.OAuth1(ctx) // We need to cheat so that callback validates on return @@ -62,12 +67,14 @@ func (p *ProviderX) AuthURL(ctx context.Context, state string) (string, error) { requestToken, _, err := c.RequestToken() if err != nil { - return "", errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Unable to sign in with X because the OAuth1 request token could not be initialized.`)) + span.RecordError(err) + return "", errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReasonf(`Unable to sign in with X because the OAuth1 request token could not be initialized: %s`, err)) } authzURL, err := c.AuthorizationURL(requestToken) if err != nil { - return "", errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Unable to sign in with X because the OAuth1 authorization URL could not be parsed.`)) + span.RecordError(err) + return "", errors.WithStack(herodot.ErrInternalServerError.WithWrap(err).WithReasonf(`Unable to sign in with X because the OAuth1 authorization URL could not be parsed: %s`, err)) } return authzURL.String(), nil @@ -85,7 +92,7 @@ func (p *ProviderX) OAuth1(ctx context.Context) *oauth1.Config { return &oauth1.Config{ ConsumerKey: p.config.ClientID, ConsumerSecret: p.config.ClientSecret, - Endpoint: twitter.AuthorizeEndpoint, + Endpoint: twitter.AuthenticateEndpoint, CallbackURL: p.config.Redir(p.reg.Config().OIDCRedirectURIBase(ctx)), } }
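Review bot: The span opened at the top of AuthURL is named `selfservice.strategy.oidc.ProviderLinkedIn.fetch`, which looks copied from the LinkedIn provider. Traces for an X sign-in would be filed under the wrong provider and operation, which makes failed or unusual logins harder to investigate. Name it after this method, e.g. `"selfservice.strategy.oidc.ProviderX.AuthURL"`. A short comment next to `defer otelx.End(span, &err)` saying that the named result `err` is what the deferred call reads would also explain why the signature changed. The body of AuthURL continues past this hunk.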
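Review bot: Both rewritten returns in the `-62,12` hunk format the upstream error into the reason text (`WithReasonf("... could not be initialized: %s", err)`). As far as I know, herodot serializes the reason field into the response body, so whatever the OAuth1 client puts in its error (plausibly the provider's status line and response body) would reach the end user. `WithWrap(err)` already preserves the cause for logging, so the reason can stay the fixed sentence. If the detail is wanted in responses while debugging, it can go in the debug field, e.g. `herodot.ErrInternalServerError.WithWrap(err).WithDebug(err.Error()).WithReasonf(...)`. This applies to both the RequestToken and the AuthorizationURL branch.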
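Review bot: With `Endpoint: twitter.AuthenticateEndpoint` in OAuth1, a browser that has a live X session and an earlier grant is redirected back without any prompt at X, so the provider no longer acts as a confirmation step. That matters on shared devices and for any flow that expects a fresh login or links an account. Whether AuthURL can tell such flows apart is not visible in this diff. I would document the trade-off on the field, e.g. `// AuthenticateEndpoint skips the consent screen for users who already authorized the app; flows that need re-authentication must request it explicitly.` Where a fresh login is required, X's documented `force_login=true` query parameter can be added to the authorization URL.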