Authorization Code flow wrong cache key #4

Closed
mgagliardo91 opened this issue Aug 18, 2020 · 3 comments · Fixed by #6

Comments

@mgagliardo91
Contributor

The authorization code workflow caches the authorization URL as authorization_url; however, its usage in the remainder of the flow is for the name AuthorizeUrl (authorize_url). This results in an invalid authorization code URL being presented to the console.

Cached usage: https://github.com/danielgtaylor/restish/blob/master/oauth/authcode.go#L157

```go
func (h *AuthorizationCodeHandler) Parameters() []cli.AuthParam {
	return []cli.AuthParam{
		{Name: "client_id", Required: true, Help: "OAuth 2.0 Client ID"},
		{Name: "authorization_url", Required: true, Help: "OAuth 2.0 authorization URL, e.g. https://api.example.com/oauth/authorize"},
		{Name: "token_url", Required: true, Help: "OAuth 2.0 token URL, e.g. https://api.example.com/oauth/token"},
		{Name: "scopes", Help: "Optional scopes to request in the token"},
	}
}
```

Proposed Change:

```go
func (h *AuthorizationCodeHandler) Parameters() []cli.AuthParam {
	return []cli.AuthParam{
		{Name: "client_id", Required: true, Help: "OAuth 2.0 Client ID"},
		{Name: "authorize_url", Required: true, Help: "OAuth 2.0 authorization URL, e.g. https://api.example.com/oauth/authorize"},
		{Name: "token_url", Required: true, Help: "OAuth 2.0 token URL, e.g. https://api.example.com/oauth/token"},
		{Name: "scopes", Help: "Optional scopes to request in the token"},
	}
}
```
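
An added example, not part of the original issue or of restish's code: a small Go check that catches this kind of drift between declared parameter names and the keys a flow reads, plus a URL builder that fails closed when the key is missing. The names `undeclaredKeys`, `buildAuthorizeURL`, `keysRead` and the sample profile are hypothetical, and the full list of keys read is an assumption based on the issue text.

```go
package main

import (
	"fmt"
	"net/url"
)

// Names declared before the fix (from the issue) and keys the flow reads (assumed list).
var declaredBefore = []string{"client_id", "authorization_url", "token_url", "scopes"}
var keysRead = []string{"client_id", "authorize_url", "token_url", "scopes"}

// Constructed sample profile: values are stored under the declared names.
var sampleProfile = map[string]string{
	"client_id":         "abc123",
	"authorization_url": "https://api.example.com/oauth/authorize",
}

// undeclaredKeys returns every key the flow reads that was never declared.
func undeclaredKeys(declared, read []string) []string {
	known := map[string]bool{}
	for _, name := range declared {
		known[name] = true
	}
	var drift []string
	for _, k := range read {
		if !known[k] {
			drift = append(drift, k)
		}
	}
	return drift
}

// buildAuthorizeURL fails closed: a missing key reads as "" and must not become a URL.
func buildAuthorizeURL(params map[string]string, key string) (string, error) {
	u, err := url.Parse(params[key])
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("auth param %q missing or not an absolute URL", key)
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", params["client_id"])
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	fmt.Println(undeclaredKeys(declaredBefore, keysRead))
	fmt.Println(buildAuthorizeURL(sampleProfile, "authorize_url"))
}
```

Run as a unit test over each auth handler, the drift check flags a renamed key before a user is ever shown a broken authorization URL.
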
@mgagliardo91
Contributor Author

Also, to add to this: I would like to understand why most of this information could not be retrieved from the OpenAPI spec itself. OpenAPI 3.0 calls out securitySchemes that include flows like authorizationCode, which allow you to specify the values that restish attempts to collect via user input. Any thoughts on adding a more declarative approach, collecting this info from the spec instead?

@danielgtaylor
Owner

Nice find, I completely missed this! 👍

@danielgtaylor
Owner

Sorry for the slow response on this. I've been busy 😞

Merged in 5a6424d and released in 0.4.3.
