oidc: Fix for OIDC servers not supporting RFC 9207

see #81
2025-12-13 14:42:30 +00:00 · 2025-06-22 23:55:57 +02:00
parent 668fa86e3c
commit f5d097ac55
1 changed files with 5 additions and 2 deletions
--- a/crates/oidc/src/lib.rs
+++ b/crates/oidc/src/lib.rs
@@ -138,7 +138,8 @@ pub async fn route_post_oidc(
 #[derive(Debug, Clone, Deserialize)]
 pub struct AuthCallbackQuery {
    code: AuthorizationCode,
-    iss: IssuerUrl,
+    // RFC 9207
+    iss: Option<IssuerUrl>,
    state: String,
 }

@@ -153,7 +154,9 @@ pub async fn route_get_oidc_callback<US: UserStore + Clone>(
 ) -> Result<Response, OidcError> {
    let callback_uri = format!("https://{host}/frontend/login/oidc/callback");

-    assert_eq!(iss, oidc_config.issuer);
+    if let Some(iss) = iss {
+        assert_eq!(iss, oidc_config.issuer);
+    }
    let oidc_state = session
        .remove::<OidcState>(SESSION_KEY_OIDC_STATE)
        .await?