barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-02-27 11:21:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: more rabbit nitpicks

Browse Source
This commit is contained in:
Stavros
2026-02-01 00:16:58 +02:00
parent 01e491c3be
commit 673f556fb3
6 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/service/oidc_service.go
View File

@@ -37,6 +37,7 @@ var (
ErrCodeNotFound = errors.New("code_not_found")
ErrTokenNotFound = errors.New("token_not_found")
ErrTokenExpired = errors.New("token_expired")
ErrInvalidClient = errors.New("invalid_client")
)
type ClaimSet struct {
@@ -212,7 +213,7 @@ func (service *OIDCService) Init() error {
}
func (service *OIDCService) GetIssuer() string {
return service.config.Issuer
return service.issuer
}
func (service *OIDCService) GetClient(id string) (config.OIDCClientConfig, bool) {
@@ -424,7 +425,7 @@ func (service *OIDCService) GenerateAccessToken(c *gin.Context, client config.OI
return tokenResponse, nil
}
func (service *OIDCService) RefreshAccessToken(c *gin.Context, refreshToken string) (TokenResponse, error) {
func (service *OIDCService) RefreshAccessToken(c *gin.Context, refreshToken string, reqClientId string) (TokenResponse, error) {
entry, err := service.queries.GetOidcTokenByRefreshToken(c, service.Hash(refreshToken))
if err != nil {
@@ -438,6 +439,11 @@ func (service *OIDCService) RefreshAccessToken(c *gin.Context, refreshToken stri
return TokenResponse{}, ErrTokenExpired
}
// Ensure the client ID in the request matches the client ID in the token
if entry.ClientID != reqClientId {
return TokenResponse{}, ErrInvalidClient
}
idToken, err := service.generateIDToken(config.OIDCClientConfig{
ClientID: entry.ClientID,
}, entry.Sub)