From 4f97cd4188b6028e955c8dc62e122ec409b32db3 Mon Sep 17 00:00:00 2001 From: Elias Schneider Date: Tue, 2 Jun 2026 14:08:33 +0200 Subject: [PATCH] refactor: fix linter issues --- backend/internal/dto/oidc_dto.go | 2 +- backend/internal/service/oidc_service.go | 43 +++++++++++++++--------- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/backend/internal/dto/oidc_dto.go b/backend/internal/dto/oidc_dto.go index c44bd657..d21a4df4 100644 --- a/backend/internal/dto/oidc_dto.go +++ b/backend/internal/dto/oidc_dto.go @@ -105,7 +105,7 @@ type AuthorizeOidcClientResponseDto struct { } type AuthorizationRequiredDto struct { - ClientID string `json:"clientID" binding:"required"` + ClientID string `json:"clientID" binding:"required"` Scope string `json:"scope"` RequestURI string `json:"requestURI"` } diff --git a/backend/internal/service/oidc_service.go b/backend/internal/service/oidc_service.go index 76a67960..941ee2c4 100644 --- a/backend/internal/service/oidc_service.go +++ b/backend/internal/service/oidc_service.go @@ -148,24 +148,9 @@ func (s *OidcService) Authorize(ctx context.Context, input dto.AuthorizeOidcClie // If a request_uri is provided, consume the stored PAR and overwrite input fields if input.RequestURI != "" { - par, err := s.getAndConsumePushedAuthorizationRequest(ctx, tx, input.ClientID, input.RequestURI) - if err != nil { + if err := s.applyPushedAuthorizationRequest(ctx, tx, &input); err != nil { return "", "", err } - input.Scope = par.Scope - input.CallbackURL = par.RedirectURI - input.Nonce = par.Nonce - input.Prompt = par.Prompt - if par.CodeChallenge != nil { - input.CodeChallenge = *par.CodeChallenge - } else { - input.CodeChallenge = "" - } - if par.CodeChallengeMethod != nil { - input.CodeChallengeMethod = *par.CodeChallengeMethod - } else { - input.CodeChallengeMethod = "" - } } // If the client is not public, the code challenge must be provided @@ -271,6 +256,32 @@ func (s *OidcService) Authorize(ctx context.Context, input dto.AuthorizeOidcClie return code, callbackURL, nil } +// applyPushedAuthorizationRequest consumes the stored PAR for the given request_uri +// and overwrites the corresponding fields on input. +func (s *OidcService) applyPushedAuthorizationRequest(ctx context.Context, tx *gorm.DB, input *dto.AuthorizeOidcClientRequestDto) error { + par, err := s.getAndConsumePushedAuthorizationRequest(ctx, tx, input.ClientID, input.RequestURI) + if err != nil { + return err + } + + input.Scope = par.Scope + input.CallbackURL = par.RedirectURI + input.Nonce = par.Nonce + input.Prompt = par.Prompt + + input.CodeChallenge = "" + if par.CodeChallenge != nil { + input.CodeChallenge = *par.CodeChallenge + } + + input.CodeChallengeMethod = "" + if par.CodeChallengeMethod != nil { + input.CodeChallengeMethod = *par.CodeChallengeMethod + } + + return nil +} + // HasAuthorizedClient checks if the user has already authorized the client with the given scope func (s *OidcService) HasAuthorizedClient(ctx context.Context, clientID, userID, scope string) (bool, error) { return s.hasAuthorizedClientInternal(ctx, clientID, userID, scope, s.db)