From 56c184eff3602d160860916cb7e446d056b606ae Mon Sep 17 00:00:00 2001
From: Tanay Pant
Date: Tue, 26 Apr 2022 12:15:42 +0200
Subject: [PATCH] Add field for custom authorization server ID
---
 app/views/console/users/oauth/okta.phtml | 2 ++
 public/scripts/views/forms/oauth-custom.js | 3 ++-
 src/Appwrite/Auth/OAuth2/Okta.php | 19 +++++++++++++++----
 3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/app/views/console/users/oauth/okta.phtml b/app/views/console/users/oauth/okta.phtml
index 44c47c6550..2459e1543c 100644
--- a/app/views/console/users/oauth/okta.phtml
+++ b/app/views/console/users/oauth/okta.phtml
@@ -8,5 +8,7 @@ $provider = $this->getParam('provider', ''); + + \ No newline at end of file
diff --git a/public/scripts/views/forms/oauth-custom.js b/public/scripts/views/forms/oauth-custom.js
index 965296656f..67fb213215 100644
--- a/public/scripts/views/forms/oauth-custom.js
+++ b/public/scripts/views/forms/oauth-custom.js
@@ -19,7 +19,8 @@
  },
  "Okta": {
  "clientSecret": "oauth2OktaClientSecret",
- "oktaDomain": "oauth2OktaDomain"
+ "oktaDomain": "oauth2OktaDomain",
+ "authorizationServerId": "oauth2OktaAuthorizationServerId"
  }
  }
  let provider = element.getAttribute("data-forms-oauth-custom");
diff --git a/src/Appwrite/Auth/OAuth2/Okta.php b/src/Appwrite/Auth/OAuth2/Okta.php
index 61c710e8ad..7b1b0d19e1 100644
--- a/src/Appwrite/Auth/OAuth2/Okta.php
+++ b/src/Appwrite/Auth/OAuth2/Okta.php
@@ -42,7 +42,7 @@ class Okta extends OAuth2
  */
  public function getLoginURL(): string
  {
- return 'https://'.$this->getOktaDomain().'/oauth2/default/v1/authorize?'.\http_build_query([
+ return 'https://'.$this->getOktaDomain().'/oauth2/'.$this->getAuthorizationServerId().'/v1/authorize?'.\http_build_query([
  'client_id' => $this->appID,
  'redirect_uri' => $this->callback,
  'state'=> \json_encode($this->state),
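Review bot: The value returned by `getAuthorizationServerId()` is concatenated into the URL path in `getLoginURL()` without encoding or validation, and the same concatenation is repeated in the two `/v1/token` hunks and the `/v1/userinfo` hunk. The value is read from the stored appSecret JSON, so one containing `/`, `?`, `#` or `..` would change which path on the Okta domain receives the authorization request, the `code` or `refresh_token` POST, and the bearer access token. Encode it at each call site, e.g. `'/oauth2/'.\rawurlencode($this->getAuthorizationServerId()).'/v1/authorize?'`, or have the getter reject anything that does not match an allowlist such as `/^[A-Za-z0-9_-]+$/`. The body of getLoginURL continues outside the hunk.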
@@ -62,7 +62,7 @@ class Okta extends OAuth2
  $headers = ['Content-Type: application/x-www-form-urlencoded'];
  $this->tokens = \json_decode($this->request(
  'POST',
- 'https://'.$this->getOktaDomain().'/oauth2/default/v1/token',
+ 'https://'.$this->getOktaDomain().'/oauth2/'.$this->getAuthorizationServerId().'/v1/token',
  $headers,
  \http_build_query([
  'code' => $code,
@@ -89,7 +89,7 @@ class Okta extends OAuth2
  $headers = ['Content-Type: application/x-www-form-urlencoded'];
  $this->tokens = \json_decode($this->request(
  'POST',
- 'https://'.$this->getOktaDomain().'/oauth2/default/v1/token',
+ 'https://'.$this->getOktaDomain().'/oauth2/'.$this->getAuthorizationServerId().'/v1/token',
  $headers,
  \http_build_query([
  'refresh_token' => $refreshToken,
@@ -163,7 +163,7 @@ class Okta extends OAuth2
  {
  if (empty($this->user)) {
  $headers = ['Authorization: Bearer '. \urlencode($accessToken)];
- $user = $this->request('GET', 'https://'.$this->getOktaDomain().'/oauth2/default/v1/userinfo', $headers);
+ $user = $this->request('GET', 'https://'.$this->getOktaDomain().'/oauth2/'.$this->getAuthorizationServerId().'/v1/userinfo', $headers);
  $this->user = \json_decode($user, true);
  }
 
@@ -193,6 +193,17 @@ class Okta extends OAuth2
  return (isset($secret['oktaDomain'])) ? $secret['oktaDomain'] : '';
  }
 
+ /**
+ * Extracts the Okta Authorization Server ID from the JSON stored in appSecret
+ *
+ * @return string
+ */
+ protected function getAuthorizationServerId(): string
+ {
+ $secret = $this->getAppSecret();
+ return (isset($secret['authorizationServerId'])) ? $secret['authorizationServerId'] : 'default';
+ }
+
  /**
  * Decode the JSON stored in appSecret
  *
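Review bot: In the new `getAuthorizationServerId()`, `isset($secret['authorizationServerId'])` is also true for an empty string, so a blank console field saved as `""` would skip the `'default'` fallback and yield `/oauth2//v1/...` URLs for authorize, token and userinfo. Whether the form actually stores an empty string is not visible in this patch, so this is likely rather than confirmed. Changing the return to `return !empty($secret['authorizationServerId']) ? $secret['authorizationServerId'] : 'default';` keeps existing providers on the default server. A non-string value in the decoded JSON would also conflict with the declared `string` return type, so an `\is_string()` check is worth adding alongside it. The docblock could also say `Falls back to Okta's "default" authorization server when the field is unset or empty.`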