barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-02-24 09:52:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: more review comments

Browse Source
This commit is contained in:
Stavros
2026-01-26 16:20:49 +02:00
parent e498ee4be0
commit fe391fc571
9 changed files with 270 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/controller/oidc_controller.go
View File

@@ -114,7 +114,7 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
return
}
_, ok := controller.oidc.GetClient(req.ClientID)
client, ok := controller.oidc.GetClient(req.ClientID)
if !ok {
controller.authorizeError(c, err, "Client not found", "The client ID is invalid", "", "", "")
@@ -133,8 +133,8 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
return
}
// WARNING: Since Tinyauth is stateless, we cannot have a sub that never changes. We will just create a uuid out of the username which remains stable, but if username changes then sub changes too.
sub := utils.GenerateUUID(userContext.Username)
// WARNING: Since Tinyauth is stateless, we cannot have a sub that never changes. We will just create a uuid out of the username and client name which remains stable, but if username or client name changes then sub changes too.
sub := utils.GenerateUUID(fmt.Sprintf("%s:%s", userContext.Username, client.ID))
code := rand.Text()
// Before storing the code, delete old session
@@ -272,16 +272,6 @@ func (controller *OIDCController) Token(c *gin.Context) {
return
}
err = controller.oidc.DeleteCodeEntry(c, entry.CodeHash)
if err != nil {
tlog.App.Error().Err(err).Msg("Failed to delete code in database")
c.JSON(400, gin.H{
"error": "server_error",
})
return
}
tokenResponse = tokenRes
case "refresh_token":
client, ok := controller.oidc.GetClient(req.ClientID)