feat: forward sub from oidc providers (#543 )

* feat: forward sub from oidc providers * fix: review comments
feat: refresh session cookie when session is active (#540 )
2025-12-26 18:12:30 +00:00 · 2025-12-26 19:02:51 +02:00 · 2025-12-26 17:55:54 +02:00 · 2025-12-26 17:53:24 +02:00 · 2025-12-23 23:10:33 +02:00
40 changed files with 154 additions and 114 deletions
--- a/.coderabbit.yaml
+++ b/.coderabbit.yaml
@@ -0,0 +1,3 @@
 issue_enrichment:
  auto_enrich:
    enabled: false
--- a/cmd/tinyauth/generate.go
+++ b/cmd/tinyauth/generate.go
@@ -6,7 +6,8 @@ import (
 	"os"
 	"strings"
 	"time"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/mdp/qrterminal/v3"
--- a/cmd/tinyauth/tinyauth.go
+++ b/cmd/tinyauth/tinyauth.go
@@ -5,9 +5,10 @@ import (
 	"os"
 	"strings"
 	"time"
-	"tinyauth/internal/bootstrap"
+
-	"tinyauth/internal/config"
+	"github.com/steveiliop56/tinyauth/internal/bootstrap"
-	"tinyauth/internal/utils/loaders"
+	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils/loaders"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
--- a/cmd/tinyauth/verify.go
+++ b/cmd/tinyauth/verify.go
@@ -5,7 +5,8 @@ import (
 	"fmt"
 	"os"
 	"time"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/charmbracelet/huh"
 	"github.com/pquerna/otp/totp"
--- a/cmd/tinyauth/version.go
+++ b/cmd/tinyauth/version.go
@@ -2,7 +2,8 @@ package main
 import (
 	"fmt"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/traefik/paerser/cli"
 )
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module tinyauth
+module github.com/steveiliop56/tinyauth
 go 1.24.0
@@ -6,17 +6,22 @@ toolchain go1.24.3
 require (
 	github.com/cenkalti/backoff/v5 v5.0.3
 	github.com/charmbracelet/huh v0.8.0
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/gin-gonic/gin v1.11.0
 	github.com/glebarez/sqlite v1.11.0
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/golang-migrate/migrate/v4 v4.19.1
 	github.com/google/go-querystring v1.1.0
 	github.com/google/uuid v1.6.0
 	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/pquerna/otp v1.5.0
 	github.com/rs/zerolog v1.34.0
 	github.com/traefik/paerser v0.2.2
 	github.com/weppos/publicsuffix-go v0.50.1
 	golang.org/x/crypto v0.46.0
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
 	golang.org/x/oauth2 v0.34.0
 	gorm.io/gorm v1.31.1
 	gotest.tools/v3 v3.5.2
 )
@@ -27,43 +32,6 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-playground/validator/v10 v10.28.0 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.57.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	golang.org/x/term v0.38.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
 require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
@@ -73,14 +41,17 @@ require (
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 // indirect
 	github.com/charmbracelet/bubbletea v1.3.6 // indirect
-	github.com/charmbracelet/huh v0.8.0
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
 	github.com/charmbracelet/lipgloss v1.1.0 // indirect
 	github.com/charmbracelet/x/ansi v0.9.3 // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
 	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
@@ -88,12 +59,20 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
-	github.com/go-ldap/ldap/v3 v3.4.12
+	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.28.0 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
@@ -102,31 +81,49 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mattn/go-sqlite3 v1.14.32 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pquerna/otp v1.5.0
+	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.57.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
 	go.opentelemetry.io/otel v1.37.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
 	go.opentelemetry.io/otel/metric v1.37.0 // indirect
 	go.opentelemetry.io/otel/trace v1.37.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/term v0.38.0 // indirect
 	golang.org/x/text v0.32.0 // indirect
 	google.golang.org/protobuf v1.36.9 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.66.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.38.2 // indirect
 	rsc.io/qr v0.2.0 // indirect
 )
--- a/internal/assets/migrations/000003_oauth_sub.down.sql
+++ b/internal/assets/migrations/000003_oauth_sub.down.sql
@@ -0,0 +1 @@
 ALTER TABLE "sessions" DROP COLUMN "oauth_sub";
--- a/internal/assets/migrations/000003_oauth_sub.up.sql
+++ b/internal/assets/migrations/000003_oauth_sub.up.sql
@@ -0,0 +1 @@
 ALTER TABLE "sessions" ADD COLUMN "oauth_sub" TEXT;
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -11,10 +11,11 @@ import (
 	"sort"
 	"strings"
 	"time"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/controller"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/model"
+	"github.com/steveiliop56/tinyauth/internal/controller"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/model"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/rs/zerolog/log"
 	"gorm.io/gorm"
--- a/internal/bootstrap/router_bootstrap.go
+++ b/internal/bootstrap/router_bootstrap.go
@@ -3,8 +3,9 @@ package bootstrap
 import (
 	"fmt"
 	"strings"
-	"tinyauth/internal/controller"
+
-	"tinyauth/internal/middleware"
+	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
--- a/internal/bootstrap/service_bootstrap.go
+++ b/internal/bootstrap/service_bootstrap.go
@@ -1,7 +1,7 @@
 package bootstrap
 import (
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/rs/zerolog/log"
 )
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -79,6 +79,7 @@ const DefaultNamePrefix = "TINYAUTH_"
 // OAuth/OIDC config
 type Claims struct {
 	Sub               string `json:"sub"`
 	Name              string `json:"name"`
 	Email             string `json:"email"`
 	PreferredUsername string `json:"preferred_username"`
@@ -125,6 +126,7 @@ type SessionCookie struct {
 	TotpPending bool
 	OAuthGroups string
 	OAuthName   string
 	OAuthSub    string
 }
 type UserContext struct {
@@ -138,6 +140,7 @@ type UserContext struct {
 	OAuthGroups string
 	TotpEnabled bool
 	OAuthName   string
 	OAuthSub    string
 }
 // API responses and queries
--- a/internal/controller/context_controller.go
+++ b/internal/controller/context_controller.go
@@ -3,7 +3,8 @@ package controller
 import (
 	"fmt"
 	"net/url"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -20,6 +21,7 @@ type UserContextResponse struct {
 	OAuth       bool   `json:"oauth"`
 	TotpPending bool   `json:"totpPending"`
 	OAuthName   string `json:"oauthName"`
 	OAuthSub    string `json:"oauthSub"`
 }
 type AppContextResponse struct {
@@ -88,6 +90,7 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
 		OAuth:       context.OAuth,
 		TotpPending: context.TotpPending,
 		OAuthName:   context.OAuthName,
 		OAuthSub:    context.OAuthSub,
 	}
 	if err != nil {
--- a/internal/controller/context_controller_test.go
+++ b/internal/controller/context_controller_test.go
@@ -4,8 +4,9 @@ import (
 	"encoding/json"
 	"net/http/httptest"
 	"testing"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/controller"
+	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
@@ -43,6 +44,7 @@ var userContext = config.UserContext{
 	TotpPending: false,
 	OAuthGroups: "",
 	TotpEnabled: false,
 	OAuthSub:    "",
 }
 func setupContextController(middlewares *[]gin.HandlerFunc) (*gin.Engine, *httptest.ResponseRecorder) {
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -5,9 +5,10 @@ import (
 	"net/http"
 	"strings"
 	"time"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -196,6 +197,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		Provider:    req.Provider,
 		OAuthGroups: utils.CoalesceToString(user.Groups),
 		OAuthName:   service.GetName(),
 		OAuthSub:    user.Sub,
 	}
 	log.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -5,9 +5,10 @@ import (
 	"net/http"
 	"slices"
 	"strings"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/go-querystring/query"
@@ -238,6 +239,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))
 		c.Header("Remote-Email", utils.SanitizeHeader(userContext.Email))
 		c.Header("Remote-Groups", utils.SanitizeHeader(userContext.OAuthGroups))
 		c.Header("Remote-Sub", utils.SanitizeHeader(userContext.OAuthSub))
 		controller.setHeaders(c, acls)
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -3,9 +3,10 @@ package controller_test
 import (
 	"net/http/httptest"
 	"testing"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/controller"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
--- a/internal/controller/resources_controller_test.go
+++ b/internal/controller/resources_controller_test.go
@@ -4,7 +4,8 @@ import (
 	"net/http/httptest"
 	"os"
 	"testing"
-	"tinyauth/internal/controller"
+
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@@ -3,9 +3,10 @@ package controller
 import (
 	"fmt"
 	"strings"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
--- a/internal/controller/user_controller_test.go
+++ b/internal/controller/user_controller_test.go
@@ -7,9 +7,10 @@ import (
 	"strings"
 	"testing"
 	"time"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/controller"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -3,9 +3,10 @@ package middleware
 import (
 	"fmt"
 	"strings"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/service"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
@@ -98,6 +99,7 @@ func (m *ContextMiddleware) Middleware() gin.HandlerFunc {
 				Provider:    cookie.Provider,
 				OAuthGroups: cookie.OAuthGroups,
 				OAuthName:   cookie.OAuthName,
 				OAuthSub:    cookie.OAuthSub,
 				IsLoggedIn:  true,
 				OAuth:       true,
 			})
--- a/internal/middleware/ui_middleware.go
+++ b/internal/middleware/ui_middleware.go
@@ -7,7 +7,8 @@ import (
 	"os"
 	"strings"
 	"time"
-	"tinyauth/internal/assets"
+
 	"github.com/steveiliop56/tinyauth/internal/assets"
 	"github.com/gin-gonic/gin"
 )
--- a/internal/model/session_model.go
+++ b/internal/model/session_model.go
@@ -10,4 +10,5 @@ type Session struct {
 	OAuthGroups string `gorm:"column:oauth_groups"`
 	Expiry      int64  `gorm:"column:expiry"`
 	OAuthName   string `gorm:"column:oauth_name"`
 	OAuthSub    string `gorm:"column:oauth_sub"`
 }
--- a/internal/service/access_controls_service.go
+++ b/internal/service/access_controls_service.go
@@ -1,7 +1,7 @@
 package service
 import (
-	"tinyauth/internal/config"
+	"github.com/steveiliop56/tinyauth/internal/config"
 )
 /*
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -7,9 +7,10 @@ import (
 	"strings"
 	"sync"
 	"time"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/model"
+	"github.com/steveiliop56/tinyauth/internal/config"
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/model"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -212,6 +213,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		OAuthGroups: data.OAuthGroups,
 		Expiry:      time.Now().Add(time.Duration(expiry) * time.Second).Unix(),
 		OAuthName:   data.OAuthName,
 		OAuthSub:    data.OAuthSub,
 	}
 	err = gorm.G[model.Session](auth.database).Create(c, &session)
@@ -313,6 +315,7 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		TotpPending: session.TOTPPending,
 		OAuthGroups: session.OAuthGroups,
 		OAuthName:   session.OAuthName,
 		OAuthSub:    session.OAuthSub,
 	}, nil
 }
--- a/internal/service/database_service.go
+++ b/internal/service/database_service.go
@@ -5,7 +5,8 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"tinyauth/internal/assets"
+
 	"github.com/steveiliop56/tinyauth/internal/assets"
 	"github.com/glebarez/sqlite"
 	"github.com/golang-migrate/migrate/v4"
--- a/internal/service/docker_service.go
+++ b/internal/service/docker_service.go
@@ -3,8 +3,9 @@ package service
 import (
 	"context"
 	"strings"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/utils/decoders"
+	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
 	container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -10,7 +10,8 @@ import (
 	"io"
 	"net/http"
 	"time"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
--- a/internal/service/github_oauth_service.go
+++ b/internal/service/github_oauth_service.go
@@ -9,8 +9,10 @@ import (
 	"fmt"
 	"io"
 	"net/http"
 	"strconv"
 	"time"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
@@ -26,6 +28,7 @@ type GithubEmailResponse []struct {
 type GithubUserInfoResponse struct {
 	Login string `json:"login"`
 	Name  string `json:"name"`
 	ID    int    `json:"id"`
 }
 type GithubOAuthService struct {
@@ -171,6 +174,7 @@ func (github *GithubOAuthService) Userinfo() (config.Claims, error) {
 	user.PreferredUsername = userInfo.Login
 	user.Name = userInfo.Name
 	user.Sub = strconv.Itoa(userInfo.ID)
 	return user, nil
 }
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -10,18 +10,14 @@ import (
 	"net/http"
 	"strings"
 	"time"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/endpoints"
 )
-var GoogleOAuthScopes = []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"}
+var GoogleOAuthScopes = []string{"openid", "email", "profile"}
 type GoogleUserInfoResponse struct {
 	Email string `json:"email"`
 	Name  string `json:"name"`
 }
 type GoogleOAuthService struct {
 	config   oauth2.Config
@@ -90,7 +86,7 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 	client := google.config.Client(google.context, google.token)
-	res, err := client.Get("https://www.googleapis.com/userinfo/v2/me")
+	res, err := client.Get("https://openidconnect.googleapis.com/v1/userinfo")
 	if err != nil {
 		return config.Claims{}, err
 	}
@@ -105,16 +101,12 @@ func (google *GoogleOAuthService) Userinfo() (config.Claims, error) {
 		return config.Claims{}, err
 	}
-	var userInfo GoogleUserInfoResponse
+	err = json.Unmarshal(body, &user)
 	err = json.Unmarshal(body, &userInfo)
 	if err != nil {
 		return config.Claims{}, err
 	}
-	user.PreferredUsername = strings.Split(userInfo.Email, "@")[0]
+	user.PreferredUsername = strings.SplitN(user.Email, "@", 2)[0]
 	user.Name = userInfo.Name
 	user.Email = userInfo.Email
 	return user, nil
 }
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -2,7 +2,8 @@ package service
 import (
 	"errors"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/exp/slices"
--- a/internal/utils/app_utils.go
+++ b/internal/utils/app_utils.go
@@ -5,7 +5,8 @@ import (
 	"net"
 	"net/url"
 	"strings"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/gin-gonic/gin"
 	"github.com/weppos/publicsuffix-go/publicsuffix"
--- a/internal/utils/app_utils_test.go
+++ b/internal/utils/app_utils_test.go
@@ -2,8 +2,9 @@ package utils_test
 import (
 	"testing"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/utils"
+	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"github.com/gin-gonic/gin"
 	"gotest.tools/v3/assert"
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -2,8 +2,9 @@ package decoders_test
 import (
 	"testing"
-	"tinyauth/internal/config"
+
-	"tinyauth/internal/utils/decoders"
+	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils/decoders"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/label_utils_test.go
+++ b/internal/utils/label_utils_test.go
@@ -2,7 +2,8 @@ package utils_test
 import (
 	"testing"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/loaders/loader_env.go
+++ b/internal/utils/loaders/loader_env.go
@@ -3,7 +3,8 @@ package loaders
 import (
 	"fmt"
 	"os"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/traefik/paerser/cli"
 	"github.com/traefik/paerser/env"
--- a/internal/utils/security_utils_test.go
+++ b/internal/utils/security_utils_test.go
@@ -3,7 +3,8 @@ package utils_test
 import (
 	"os"
 	"testing"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/string_utils_test.go
+++ b/internal/utils/string_utils_test.go
@@ -2,7 +2,8 @@ package utils_test
 import (
 	"testing"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
--- a/internal/utils/user_utils.go
+++ b/internal/utils/user_utils.go
@@ -3,7 +3,8 @@ package utils
 import (
 	"errors"
 	"strings"
-	"tinyauth/internal/config"
+
 	"github.com/steveiliop56/tinyauth/internal/config"
 )
 func ParseUsers(users string) ([]config.User, error) {
--- a/internal/utils/user_utils_test.go
+++ b/internal/utils/user_utils_test.go
@@ -3,7 +3,8 @@ package utils_test
 import (
 	"os"
 	"testing"
-	"tinyauth/internal/utils"
+
 	"github.com/steveiliop56/tinyauth/internal/utils"
 	"gotest.tools/v3/assert"
 )
Author	SHA1	Message	Date
Stavros	43487d44f7	feat: forward sub from oidc providers (#543 ) * feat: forward sub from oidc providers * fix: review comments	2025-12-26 19:02:51 +02:00
Stavros	2d8af0510e	feat: refresh session cookie when session is active (#540 ) * feat: refresh session cookie when session is active * refactor: use current time to set new expiry	2025-12-26 17:55:54 +02:00
Stavros	a1c3e416b6	refactor: use proper module name (#542 ) * chore: reorganize go mod * refactor: use proper module name	2025-12-26 17:53:24 +02:00
Stavros	7269fa1b95	chore: disable issue enrichment in coderabbit	2025-12-23 23:10:33 +02:00
		`@@ -0,0 +1 @@`
							`ALTER TABLE "sessions" DROP COLUMN "oauth_sub";`
		`@@ -0,0 +1 @@`
							`ALTER TABLE "sessions" ADD COLUMN "oauth_sub" TEXT;`