Must run oauth from same subdomain but no longer use query params

oauth2server/server/authorize.go

@@ -7,6 +7,7 @@ import (
 	"local/storage"
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/google/uuid"
 )
@@ -39,9 +40,13 @@ func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
 		if url.Scheme == "" {
 			url.Scheme = "http"
 		}
-		values := url.Query()
-		values.Set(oauth2.COOKIE, access)
-		url.RawQuery = values.Encode()
+		cookie := &http.Cookie{
+			Name:   oauth2.NEWCOOKIE,
+			Value:  access,
+			Path:   "/",
+			Domain: "." + strings.Join(strings.Split(strings.Split(url.Host, ":")[0], ".")[1:], "."),
+		}
+		http.SetCookie(w, cookie)
 		http.Redirect(w, r, url.String(), http.StatusSeeOther)
 	} else {
 		fmt.Fprintln(w, "OK")