From 1652cc65f3f966d018d81a1ae22abb5ff1b4c47b Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Sat, 1 Mar 2025 20:42:00 +0100
Subject: [PATCH] fix: support POST for OIDC userinfo endpoint

---
 backend/internal/common/errors.go              |  5 +++++
 backend/internal/controller/oidc_controller.go | 10 +++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/backend/internal/common/errors.go b/backend/internal/common/errors.go
index dda1acf..fe81f21 100644
--- a/backend/internal/common/errors.go
+++ b/backend/internal/common/errors.go
@@ -94,6 +94,11 @@ type NotSignedInError struct{}
 func (e *NotSignedInError) Error() string { return "You are not signed in" }
 func (e *NotSignedInError) HttpStatusCode() int { return http.StatusUnauthorized }
 
+type MissingAccessToken struct{}
+
+func (e *MissingAccessToken) Error() string { return "Missing access token" }
+func (e *MissingAccessToken) HttpStatusCode() int { return http.StatusUnauthorized }
+
 type MissingPermissionError struct{}
 
 func (e *MissingPermissionError) Error() string {
diff --git a/backend/internal/controller/oidc_controller.go b/backend/internal/controller/oidc_controller.go
index c95d6fa..e6765d7 100644
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -23,6 +23,7 @@ func NewOidcController(group *gin.RouterGroup, jwtAuthMiddleware *middleware.Jwt
 
 	group.POST("/oidc/token", oc.createTokensHandler)
 	group.GET("/oidc/userinfo", oc.userInfoHandler)
+	group.POST("/oidc/userinfo", oc.userInfoHandler)
 	group.POST("/oidc/end-session", oc.EndSessionHandler)
 	group.GET("/oidc/end-session", oc.EndSessionHandler)
 
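Review bot: The new type `MissingAccessToken` in errors.go does not follow the naming of its neighbours `NotSignedInError` and `MissingPermissionError`, which carry the `Error` suffix that the file (and Go convention for error types) uses; rename it to `MissingAccessTokenError` and update the single use in `userInfoHandler` in the same commit. Since the type is exported, a doc comment would also help, e.g. `// MissingAccessTokenError is returned when a request carries no usable access token in its Authorization header.` How the 401 is rendered (and whether a `WWW-Authenticate: Bearer` challenge is attached) depends on error middleware that is outside this diff, so I cannot tell from here whether that is already covered.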
@@ -111,7 +112,14 @@ func (oc *OidcController) createTokensHandler(c *gin.Context) {
 }
 
 func (oc *OidcController) userInfoHandler(c *gin.Context) {
-	token := strings.Split(c.GetHeader("Authorization"), " ")[1]
+	authHeaderSplit := strings.Split(c.GetHeader("Authorization"), " ")
+	if len(authHeaderSplit) != 2 {
+		c.Error(&common.MissingAccessToken{})
+		return
+	}
+
+	token := authHeaderSplit[1]
+
 	jwtClaims, err := oc.jwtService.VerifyOauthAccessToken(token)
 	if err != nil {
 		c.Error(err)
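Review bot: The new length check on `authHeaderSplit` only confirms that the Authorization header contains exactly one space; it never verifies that the scheme is `Bearer`, so a header with any other scheme is handed to `VerifyOauthAccessToken` as if it were an access token, while a header with two spaces before the token is rejected with "Missing access token" even though RFC 6750 allows more than one SP (`strings.Split` keeps the empty field). Replace the split with `parts := strings.Fields(c.GetHeader("Authorization"))`, the condition with `if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {`, and the assignment with `token := parts[1]`; the `c.Error(&common.MissingAccessToken{})` / `return` lines stay as they are. Separately, the commit registers this handler for POST as well, and RFC 6750 clients using POST may send the token as the `access_token` form parameter rather than the header, which the handler still does not read — worth a comment on the route if that is intentionally unsupported. userInfoHandler's body continues beyond the end of the hunk.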