Disable client secret check when no secret is specified
All checks were successful
continuous-integration/drone/push Build is passing

Pierre HUBERT 2025-02-21 14:58:13 +01:00
parent d01311abf1
commit 1a1a41d5dc


@ -369,9 +369,7 @@ pub async fn token(
let (client_id, client_secret) =
match (&query.client_id, &query.client_secret, authorization_header) {
// post authentication
(Some(client_id), Some(client_secret), None) => {
(client_id.clone(), client_secret.to_string())
}
(Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
// Basic authentication
(_, None, Some(v)) => {
@ -402,8 +400,8 @@ pub async fn token(
.to_string();
match decode.split_once(':') {
None => (ClientID(decode), "".to_string()),
Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
None => (ClientID(decode), None),
Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
}
}
@ -421,7 +419,7 @@ pub async fn token(
.ok_or_else(|| ErrorUnauthorized("Client not found"))?;
// Retrieving token requires the client to have a defined secret
if client.secret != Some(client_secret) {
if client.secret != client_secret {
return Ok(error_response(
&query,
"invalid_request",
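Review bot: The comment `// Retrieving token requires the client to have a defined secret` above the comparison in the last hunk no longer matches the code: `client.secret != client_secret` now compares two `Option`s, so a client configured without a secret passes when the request carries none and is identified by `client_id` alone. I would reword it to something like `// A client with no configured secret (public client) is accepted only when the request carries no secret`, and, if it is not already enforced elsewhere in `token` (not visible in these hunks), require PKCE for such clients on the authorization-code grant. In the Basic branch of the second hunk, a header of the form `id:` yields `Some("")`, which does not equal `None`, so a public client sending an empty password is rejected while one sending no colon is accepted; it is worth confirming that asymmetry is intended. For clients that do have a secret, the check is still a plain `!=` on the secret strings, and a constant-time comparison would be the safer choice there. `token`'s body starts and ends outside these hunks, so the grant handling that follows could not be checked.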