barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-02-24 01:42:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: oidc review comments

Browse Source
This commit is contained in:
Stavros
2026-01-25 18:32:14 +02:00
parent cf1a613229
commit 8af233b78d
3 changed files with 38 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
internal/controller/oidc_controller.go
View File

@@ -148,13 +148,15 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
return
}
// We also need a snapshot of the user that authorized this
err = controller.oidc.StoreUserinfo(c, sub, userContext, req)
// We also need a snapshot of the user that authorized this (skip if no openid scope)
if slices.Contains(strings.Split(req.Scope, " "), "openid") {
err = controller.oidc.StoreUserinfo(c, sub, userContext, req)
if err != nil {
tlog.App.Error().Err(err).Msg("Failed to insert user info into database")
controller.authorizeError(c, err, "Failed to store user info", "Failed to store user info", req.RedirectURI, "server_error", req.State)
return
if err != nil {
tlog.App.Error().Err(err).Msg("Failed to insert user info into database")
controller.authorizeError(c, err, "Failed to store user info", "Failed to store user info", req.RedirectURI, "server_error", req.State)
return
}
}
queries, err := query.Values(AuthorizeCallback{
@@ -315,6 +317,15 @@ func (controller *OIDCController) Userinfo(c *gin.Context) {
return
}
// If we don't have the openid scope, return an error
if !slices.Contains(strings.Split(entry.Scope, ","), "openid") {
tlog.App.Warn().Msg("OIDC userinfo accessed without openid scope")
c.JSON(401, gin.H{
"error": "invalid_request",
})
return
}
user, err := controller.oidc.GetUserinfo(c, entry.Sub)
if err != nil {
@@ -325,15 +336,6 @@ func (controller *OIDCController) Userinfo(c *gin.Context) {
return
}
// If we don't have the openid scope, return an error
if !slices.Contains(strings.Split(entry.Scope, ","), "openid") {
tlog.App.Warn().Msg("OIDC userinfo accessed without openid scope")
c.JSON(401, gin.H{
"error": "invalid_request",
})
return
}
c.JSON(200, controller.oidc.CompileUserinfo(user, entry.Scope))
}
@@ -362,7 +364,7 @@ func (controller *OIDCController) authorizeError(c *gin.Context, err error, reas
c.JSON(200, gin.H{
"status": 200,
"redirect_uri": fmt.Sprintf("%s/?%s", callback, queries.Encode()),
"redirect_uri": fmt.Sprintf("%s?%s", callback, queries.Encode()),
})
return
}