fix: more rabbit nitpicks

2026-02-23 17:32:00 +00:00 · 2026-02-01 00:16:58 +02:00
parent 01e491c3be
commit 673f556fb3
6 changed files with 27 additions and 7 deletions
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -273,7 +273,7 @@ func (controller *OIDCController) Token(c *gin.Context) {

 		tokenResponse = tokenRes
 	case "refresh_token":
-		tokenRes, err := controller.oidc.RefreshAccessToken(c, req.RefreshToken)
+		tokenRes, err := controller.oidc.RefreshAccessToken(c, req.RefreshToken, rclientId)

 		if err != nil {
 			if errors.Is(err, service.ErrTokenExpired) {
@@ -284,6 +284,14 @@ func (controller *OIDCController) Token(c *gin.Context) {
 				return
 			}

+			if errors.Is(err, service.ErrInvalidClient) {
+				tlog.App.Error().Err(err).Msg("Invalid client")
+				c.JSON(401, gin.H{
+					"error": "invalid_grant",
+				})
+				return
+			}
+
 			tlog.App.Error().Err(err).Msg("Failed to refresh access token")
 			c.JSON(400, gin.H{
 				"error": "server_error",
--- a/internal/controller/oidc_controller_test.go
+++ b/internal/controller/oidc_controller_test.go
@@ -176,6 +176,8 @@ func TestOIDCController(t *testing.T) {

 	req, err = http.NewRequest("POST", "/api/oidc/token", strings.NewReader(params.Encode()))

+	assert.NilError(t, err)
+
 	req.Header.Set("content-type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth("some-client-id", "some-client-secret")