refactor: generate a verifier on every oauth auth session

internal/controller/oauth_controller.go

@@ -72,6 +72,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 		return
 	}
 
+	service.GenerateVerifier()
 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
 	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)

internal/service/generic_oauth_service.go

@@ -59,10 +59,8 @@ func (generic *GenericOAuthService) Init() error {
 	ctx := context.Background()
 
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()
 
 	generic.context = ctx
-	generic.verifier = verifier
 	return nil
 }
 
@@ -76,6 +74,12 @@ func (generic *GenericOAuthService) GenerateState() string {
 	return state
 }
 
+func (generic *GenericOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	generic.verifier = verifier
+	return verifier
+}
+
 func (generic *GenericOAuthService) GetAuthURL(state string) string {
 	return generic.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.verifier))
 }

internal/service/github_oauth_service.go

@@ -53,10 +53,7 @@ func (github *GithubOAuthService) Init() error {
 	httpClient := &http.Client{}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()
-
 	github.context = ctx
-	github.verifier = verifier
 	return nil
 }
 
@@ -70,6 +67,12 @@ func (github *GithubOAuthService) GenerateState() string {
 	return state
 }
 
+func (github *GithubOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	github.verifier = verifier
+	return verifier
+}
+
 func (github *GithubOAuthService) GetAuthURL(state string) string {
 	return github.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.verifier))
 }

internal/service/google_oauth_service.go

@@ -48,10 +48,7 @@ func (google *GoogleOAuthService) Init() error {
 	httpClient := &http.Client{}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()
-
 	google.context = ctx
-	google.verifier = verifier
 	return nil
 }
 
@@ -65,6 +62,12 @@ func (oauth *GoogleOAuthService) GenerateState() string {
 	return state
 }
 
+func (google *GoogleOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	google.verifier = verifier
+	return verifier
+}
+
 func (google *GoogleOAuthService) GetAuthURL(state string) string {
 	return google.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.verifier))
 }

internal/service/oauth_broker_service.go

@@ -11,6 +11,7 @@ import (
 type OAuthService interface {
 	Init() error
 	GenerateState() string
+	GenerateVerifier() string
 	GetAuthURL(state string) string
 	VerifyCode(code string) error
 	Userinfo() (config.Claims, error)