From dcec80314085a748949a89ce369881980d94200c Mon Sep 17 00:00:00 2001
From: Stavros
Date: Fri, 19 Jun 2026 13:50:24 +0300
Subject: [PATCH] fix: fail on more prompt values next to none
---
 internal/controller/oidc_controller.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/internal/controller/oidc_controller.go b/internal/controller/oidc_controller.go
index af7c41ce..f7b8d88a 100644
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -170,6 +170,18 @@ func (controller *OIDCController) authorize(c *gin.Context) {
 prompts := controller.oidc.GetPrompt(req.Prompt)
+ if slices.Contains(prompts, service.OIDCPromptNone) && len(prompts) > 1 {
+ controller.authorizeError(c, authorizeErrorParams{
+ err: errors.New("invalid prompt"),
+ reason: "Invalid prompt",
+ reasonPublic: "The prompt parameters are invalid",
+ callback: req.RedirectURI,
+ callbackError: "invalid_request",
+ state: req.State,
+ })
+ return
+ }
+
 userContext, err := new(model.UserContext).NewFromGin(c)
 if err != nil {
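Review bot: The new rejection branch delivers its `invalid_request` error to `callback: req.RedirectURI`, so it is only safe if the client and its redirect URI have already been checked against the registration earlier in `authorize`; that validation is not visible here, since the hunk begins mid-function and the body continues past its last line. If the ordering holds, a comment above the check would record the dependency, e.g. `// prompt=none must not be combined with other values (OIDC Core 3.1.2.1); redirect_uri has been validated above`. The check also depends on what `GetPrompt` returns: if it drops unrecognized or duplicate values, a request carrying `none` plus an unknown value would presumably yield a single-element slice and pass. The commit touches only this file, so a test for the `none`-plus-other-value case, including an unknown second value, would pin the intended behaviour.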