refactor: only accept claims following the OIDC spec

2025-10-30 21:55:43 +00:00 · 2025-04-25 15:28:24 +03:00
parent 13032e564d
commit 5e4e2ddbd9
7 changed files with 32 additions and 19 deletions
--- a/internal/providers/generic.go
+++ b/internal/providers/generic.go
@@ -4,13 +4,14 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
+	"tinyauth/internal/constants"

 	"github.com/rs/zerolog/log"
 )

-func GetGenericUser(client *http.Client, url string) (map[string]interface{}, error) {
+func GetGenericUser(client *http.Client, url string) (constants.Claims, error) {
 	// Create user struct
-	user := make(map[string]interface{})
+	var user constants.Claims

 	// Using the oauth client get the user info url
 	res, err := client.Get(url)
--- a/internal/providers/github.go
+++ b/internal/providers/github.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"io"
 	"net/http"
+	"tinyauth/internal/constants"

 	"github.com/rs/zerolog/log"
 )
@@ -20,9 +21,9 @@ func GithubScopes() []string {
 	return []string{"user:email"}
 }

-func GetGithubUser(client *http.Client) (map[string]interface{}, error) {
+func GetGithubUser(client *http.Client) (constants.Claims, error) {
 	// Create user struct
-	user := make(map[string]interface{})
+	var user constants.Claims

 	// Get the user emails from github using the oauth http client
 	res, err := client.Get("https://api.github.com/user/emails")
@@ -60,7 +61,7 @@ func GetGithubUser(client *http.Client) (map[string]interface{}, error) {
 	// Find and return the primary email
 	for _, email := range emails {
 		if email.Primary {
-			user["email"] = email.Email
+			user.Email = email.Email
 			return user, nil
 		}
 	}
--- a/internal/providers/google.go
+++ b/internal/providers/google.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
+	"tinyauth/internal/constants"

 	"github.com/rs/zerolog/log"
 )
@@ -13,9 +14,9 @@ func GoogleScopes() []string {
 	return []string{"https://www.googleapis.com/auth/userinfo.email"}
 }

-func GetGoogleUser(client *http.Client) (map[string]interface{}, error) {
+func GetGoogleUser(client *http.Client) (constants.Claims, error) {
 	// Create user struct
-	user := make(map[string]interface{})
+	var user constants.Claims

 	// Get the user info from google using the oauth http client
 	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
--- a/internal/providers/providers.go
+++ b/internal/providers/providers.go
@@ -2,6 +2,7 @@ package providers

 import (
 	"fmt"
+	"tinyauth/internal/constants"
 	"tinyauth/internal/oauth"
 	"tinyauth/internal/types"

@@ -93,9 +94,9 @@ func (providers *Providers) GetProvider(provider string) *oauth.OAuth {
 	}
 }

-func (providers *Providers) GetUser(provider string) (map[string]interface{}, error) {
+func (providers *Providers) GetUser(provider string) (constants.Claims, error) {
 	// Create user struct
-	user := make(map[string]interface{})
+	var user constants.Claims

 	// Get the user from the provider
 	switch provider {