Working cross domain too

oauth2server/server/authorize.go

@@ -1,10 +1,11 @@
 package server
 
 import (
+	"fmt"
 	"local/oauth2"
 	"local/storage"
-	"log"
 	"net/http"
+	"net/url"
 
 	"github.com/google/uuid"
 )
@@ -25,19 +26,22 @@ func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "no oauth for user", http.StatusForbidden)
 		return
 	}
-	cookie := &http.Cookie{
-		Name:     oauth2.COOKIE,
-		Value:    access,
-		SameSite: http.SameSiteLaxMode,
+	q := r.URL.Query()
+	redirect := q.Get(oauth2.REDIRECT)
+	q.Del(oauth2.REDIRECT)
+	r.URL.RawQuery = q.Encode()
+	if redirect != "" {
+		url, _ := url.Parse(redirect)
+		if url.Scheme == "" {
+			url.Scheme = "http"
+		}
+		values := url.Query()
+		values.Set(oauth2.COOKIE, access)
+		url.RawQuery = values.Encode()
+		http.Redirect(w, r, url.String(), http.StatusSeeOther)
+	} else {
+		fmt.Fprintln(w, "OK")
 	}
-	http.SetCookie(w, cookie)
-	redirectCookie, err := r.Cookie(oauth2.REDIRECT)
-	log.Printf("REDIR COOKIE", err, redirectCookie)
-	log.Println(r.Cookies())
-	if err != nil {
-		return
-	}
-	http.Redirect(w, r, redirectCookie.Value, http.StatusSeeOther)
 }
 
 func (s *Server) genAuth(user string) {

oauth2server/server/users.go

@@ -13,10 +13,11 @@ import (
 )
 
 func (s *Server) usersLog(w http.ResponseWriter, r *http.Request) {
+	q := r.URL.Query()
 	fmt.Fprintln(w, `
       <html>
          <body>
-            <form method="post" action="/authorize">
+            <form method="post" action="/authorize?`+q.Encode()+`">
                <input type="text" name="username"></input>
                <input type="submit"></input>
             </form>