Commit c85b486

committed
refactor: refactor OAuth client to use go-httpclient library
- Replace manual HTTP client and transport setup with go-httpclient for OAuth requests
- Remove direct TLS configuration and related crypto/tls import
- Simplify OAuth client code using go-httpclient options for timeout and insecure skip verify

Signed-off-by: appleboy <appleboy.tw@gmail.com>
1 parent 1bf3251 commit c85b486

1 file changed

+5
-23
lines changed

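--- a/main.go
+++ b/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 "context"
-"crypto/tls"
 "embed"
 "errors"
 "flag"
@@ -23,6 +22,7 @@ import (
 "github.com/appleboy/authgate/internal/store"
 "github.com/appleboy/authgate/internal/token"
 "github.com/appleboy/authgate/internal/version"
+"github.com/appleboy/go-httpclient"
 
 "github.com/appleboy/graceful"
 "github.com/gin-contrib/sessions"
@@ -417,30 +417,12 @@ func getProviderNames(providers map[string]*auth.OAuthProvider) []string {
 
 // createOAuthHTTPClient creates an HTTP client for OAuth requests with retry support
 func createOAuthHTTPClient(cfg *config.Config) *http.Client {
-// #nosec G402 -- InsecureSkipVerify is user-configurable for development/testing
-transport := &http.Transport{
-TLSClientConfig: &tls.Config{
-InsecureSkipVerify: cfg.OAuthInsecureSkipVerify,
-},
-MaxIdleConns: 10,
-MaxIdleConnsPerHost: 10,
-IdleConnTimeout: 30 * time.Second,
-}
-
-baseClient := &http.Client{
-Timeout: cfg.OAuthTimeout,
-Transport: transport,
-}
-
-// Note: We don't use retry.Client here because the oauth2 library requires
-// *http.Client, and retry.Client is not compatible with that interface.
-// OAuth flows are interactive and providers are generally reliable, so
-// automatic retry is less critical than for API calls. The baseClient already
-// has proper timeout and TLS configuration.
-
 if cfg.OAuthInsecureSkipVerify {
 log.Printf("WARNING: OAuth TLS verification is disabled (OAUTH_INSECURE_SKIP_VERIFY=true)")
 }
 
-return baseClient
+return httpclient.NewAuthClient(httpclient.AuthModeNone, "",
+httpclient.WithTimeout(cfg.OAuthTimeout),
+httpclient.WithInsecureSkipVerify(cfg.OAuthInsecureSkipVerify),
+)
 }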
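Review bot: The `httpclient.WithInsecureSkipVerify(cfg.OAuthInsecureSkipVerify)` argument in createOAuthHTTPClient no longer carries any in-code statement of intent, because the removed `#nosec G402` line was the only place saying the option is meant for development/testing; with the `tls.Config` now built inside go-httpclient, a scanner rule keyed on that struct literal will presumably not surface this call site either. I would add a comment directly above that argument, `// Disables TLS certificate verification for OAuth requests; development/testing only, never enable in production.` The function's doc comment still says "with retry support" while the deleted note explained that retries were deliberately not used, so it should be reworded to match what NewAuthClient actually does. The explicit `MaxIdleConns`/`IdleConnTimeout` limits are dropped as well, so it is worth confirming that the library's transport defaults are acceptable here.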
