barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-04-12 00:37:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: revoke access token on duplicate auth code user

Browse Source
This commit is contained in:
Stavros
2026-04-11 18:33:19 +03:00
parent cc94294ece
commit 8622736718
9 changed files with 112 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/controller/oidc_controller.go
View File

@@ -275,6 +275,9 @@ func (controller *OIDCController) Token(c *gin.Context) {
case "authorization_code":
entry, err := controller.oidc.GetCodeEntry(c, controller.oidc.Hash(req.Code), client.ClientID)
if err != nil {
// Delete the access token just in case
controller.oidc.DeleteTokenByCodeHash(c, controller.oidc.Hash(req.Code))
if errors.Is(err, service.ErrCodeNotFound) {
tlog.App.Warn().Msg("Code not found")
c.JSON(400, gin.H{