Fix backward compatibility of LocalServerCallbackPath (#237)

e2e_test/e2e_test.go

@@ -36,7 +36,7 @@ func TestHappyPath(t *testing.T) {
 					t.Errorf("scope wants %s but %s", want, req.Scope)
 					return fmt.Sprintf("%s?error=invalid_scope", req.RedirectURI)
 				}
-				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "/") {
+				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "") {
 					return fmt.Sprintf("%s?error=invalid_redirect_uri", req.RedirectURI)
 				}
 				return fmt.Sprintf("%s?state=%s&code=%s", req.RedirectURI, req.State, "AUTH_CODE")
@@ -106,7 +106,7 @@ func TestRedirectURLHostname(t *testing.T) {
 					t.Errorf("scope wants %s but %s", want, req.Scope)
 					return fmt.Sprintf("%s?error=invalid_scope", req.RedirectURI)
 				}
-				if !assertRedirectURI(t, req.RedirectURI, "http", "127.0.0.1", "/") {
+				if !assertRedirectURI(t, req.RedirectURI, "http", "127.0.0.1", "") {
 					return fmt.Sprintf("%s?error=invalid_redirect_uri", req.RedirectURI)
 				}
 				return fmt.Sprintf("%s?state=%s&code=%s", req.RedirectURI, req.State, "AUTH_CODE")
@@ -177,7 +177,7 @@ func TestSuccessRedirect(t *testing.T) {
 					t.Errorf("scope wants %s but %s", want, req.Scope)
 					return fmt.Sprintf("%s?error=invalid_scope", req.RedirectURI)
 				}
-				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "/") {
+				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "") {
 					return fmt.Sprintf("%s?error=invalid_redirect_uri", req.RedirectURI)
 				}
 				return fmt.Sprintf("%s?state=%s&code=%s", req.RedirectURI, req.State, "AUTH_CODE")

e2e_test/pkce_test.go

@@ -40,7 +40,7 @@ func TestPKCE(t *testing.T) {
 					t.Errorf("scope wants %s but %s", want, req.Scope)
 					return fmt.Sprintf("%s?error=invalid_scope", req.RedirectURI)
 				}
-				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "/") {
+				if !assertRedirectURI(t, req.RedirectURI, "http", "localhost", "") {
 					return fmt.Sprintf("%s?error=invalid_redirect_uri", req.RedirectURI)
 				}
 				return fmt.Sprintf("%s?state=%s&code=%s", req.RedirectURI, req.State, "AUTH_CODE")

e2e_test/tls_test.go

@@ -31,7 +31,7 @@ func TestTLS(t *testing.T) {
 					t.Errorf("scope wants %s but %s", want, req.Scope)
 					return fmt.Sprintf("%s?error=invalid_scope", req.RedirectURI)
 				}
-				if !assertRedirectURI(t, req.RedirectURI, "https", "localhost", "/") {
+				if !assertRedirectURI(t, req.RedirectURI, "https", "localhost", "") {
 					return fmt.Sprintf("%s?error=invalid_redirect_uri", req.RedirectURI)
 				}
 				return fmt.Sprintf("%s?state=%s&code=%s", req.RedirectURI, req.State, "AUTH_CODE")

oauth2cli.go

@@ -85,7 +85,6 @@ type Config struct {
 
 	// Callback path of the local server.
 	// If your provider requires a specific path of the redirect URL, set it here.
-	// Default to "/".
 	LocalServerCallbackPath string
 
 	// Response HTML body on authorization completed.
@@ -124,9 +123,6 @@ func (cfg *Config) validateAndSetDefaults() error {
 		}
 		cfg.State = state
 	}
-	if cfg.LocalServerCallbackPath == "" {
-		cfg.LocalServerCallbackPath = "/"
-	}
 	if cfg.LocalServerMiddleware == nil {
 		cfg.LocalServerMiddleware = noopMiddleware
 	}

server.go

@@ -130,13 +130,17 @@ type localServerHandler struct {
 }
 
 func (h *localServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	callbackPath := h.config.LocalServerCallbackPath
+	if callbackPath == "" {
+		callbackPath = "/"
+	}
 	q := r.URL.Query()
 	switch {
-	case r.Method == "GET" && r.URL.Path == h.config.LocalServerCallbackPath && q.Get("error") != "":
+	case r.Method == "GET" && r.URL.Path == callbackPath && q.Get("error") != "":
 		h.onceRespCh.Do(func() {
 			h.respCh <- h.handleErrorResponse(w, r)
 		})
-	case r.Method == "GET" && r.URL.Path == h.config.LocalServerCallbackPath && q.Get("code") != "":
+	case r.Method == "GET" && r.URL.Path == callbackPath && q.Get("code") != "":
 		h.onceRespCh.Do(func() {
 			h.respCh <- h.handleCodeResponse(w, r)
 		})