Path Stripped From Site

Created by: twodee

Hi, I've got a similar issue to #245 (closed), but the fix there doesn't apply. I'm trying to use oauth2 with WordPress, and I'm getting broken redirects. The issue is that oauth2 considers only the root of the site when generating URLs, stripping out all path information. This leads to incompatibilities with tools like WordPress that allow for more flexible notions of sites.

On the server side, the blog I am trying to add OAuth2 authentication to resides at (fictional) URL https://somedomain.org/blog. I am using WP OAuth Server, a WordPress plugin available from https://wp-oauth.com. It considers the site to be https://somedomain.org/blog, because that's the URL that WordPress gives it.

On the client side, I configure the authorization in the following manner:

oauthor = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET, {
  site: 'https://somedomain.org',
  authorize_url: '/blog/oauth/authorize',
  token_url: '/blog/oauth/token',
  redirect_uri: REDIRECT_URI
})

When I visit the URL generated by oauthor.auth_code.authorize_url, it redirects to the WordPress login form, but it passes https://somedomain.org/blog/blog/oauth/authorize as the URL to redirect to on successful authorization. The doubled up "blog" causes a 404.

It would seem to me that there should be some way for oauth2 to work with a site that doesn't reside at the root. That way it can work with servers like WordPress that operate in a more relative way. This problem would be fixed if I could use this configuration:

oauthor = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET, {
  site: 'https://somedomain.org/blog',
  authorize_url: '/oauth/authorize',
  token_url: '/oauth/token',
  redirect_uri: REDIRECT_URI
})

Any help is appreciated.