starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-21 09:15:55 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

fix: ignore client secret if client is public (#836)

Browse Source 
Co-authored-by: James18232 <80368042+James18232@users.noreply.github.com>
This commit is contained in:
James18232
2025-08-17 01:55:32 +10:00
committed by GitHub
parent 17d8893bdb
commit 7b1f6b8857
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/internal/service/oidc_service.go
View File

@@ -1462,8 +1462,8 @@ func (s *OidcService) verifyClientCredentialsInternal(ctx context.Context, tx *g
// Validate credentials based on the authentication method // Validate credentials based on the authentication method
switch { switch {
// First, if we have a client secret, we validate it // First, if we have a client secret, we validate it unless client is marked as public
case input.ClientSecret != "": case input.ClientSecret != "" && !client.IsPublic:
err = bcrypt.CompareHashAndPassword([]byte(client.Secret), []byte(input.ClientSecret)) err = bcrypt.CompareHashAndPassword([]byte(client.Secret), []byte(input.ClientSecret))
if err != nil { if err != nil {
return nil, &common.OidcClientSecretInvalidError{} return nil, &common.OidcClientSecretInvalidError{}