Handle the redirect-url flag

Makefile

@@ -24,6 +24,9 @@ CGO_OVERRIDE?=CGO_ENABLED=0
 # which build id in .goreleaser.yml to build
 GORELEASER_BUILD_ID?=default
 
+# all go files
+SRC=$(shell find . -type f -name '*.go')
+
 all: lint test build
 
 ci: test build
@@ -107,7 +110,7 @@ bootstra%:
 build: $(PREFIX)/$(BINNAME)
 	@echo "Build Complete!"
 
-$(PREFIX)/$(BINNAME):
+$(PREFIX)/$(BINNAME): $(SRC)
 	$Q mkdir -p $(PREFIX)
 	$Q $(GOOS_OVERRIDE) $(CGO_OVERRIDE) go build \
 		-v \

utils/cautils/bootstrap.go

@@ -219,6 +219,15 @@
 		apiEndpoint = u.String()
 	}
 
+	// Get the --redirect-url flag, If passed, we will use this one even if the
+	// API provides one.
+	redirectURL := ctx.String("redirect-url")
+	if redirectURL != "" {
+		if _, err := url.Parse(redirectURL); err != nil {
+			return err
+		}
+	}
+
 	// Using public PKI
 	//nolint:gosec // Variadic URL is considered safe here for the following reasons:
 	//  1) The input is from the command line, rather than a web form or publicly available API.
@@ -239,8 +248,9 @@
 	if err := readJSON(resp.Body, &r); err != nil {
 		return errors.Wrap(err, "error getting authority data")
 	}
-
-	if r.RedirectURL == "" {
+	if redirectURL != "" {
+		r.RedirectURL = redirectURL
+	} else if r.RedirectURL == "" {
 		r.RedirectURL = "https://smallstep.com/app/teams/sso/success"
 	}
 
@@ -257,8 +267,19 @@
 			return err
 		}
 	}
-	return bootstrap(ctx, caURL, fingerprint,
-		withDefaultContextValues(caHostname))
+
+	var opts = []bootstrapOption{
+		withDefaultContextValues(caHostname),
+	}
+
+	if redirectURL := ctx.String("redirect-url"); redirectURL != "" {
+		if _, err := url.Parse(redirectURL); err != nil {
+			return err
+		}
+		opts = append(opts, withRedirectURL(redirectURL))
+	}
+
+	return bootstrap(ctx, caURL, fingerprint, opts...)
 }
 
 func getHost(caURL string) (string, error) {