From 9e0d72853703434bd7fa78808fccd2f912f3fefa Mon Sep 17 00:00:00 2001
From: Nikos
Date: Mon, 18 Nov 2024 11:26:23 +0200
Subject: [PATCH] fix: create openid session when log in succeeds
---
 oauth2/handler.go | 8 +++++++-
 persistence/sql/persister_oauth2.go | 24 ------------------------
 x/fosite_storer.go | 2 --
 3 files changed, 7 insertions(+), 27 deletions(-)
diff --git a/oauth2/handler.go b/oauth2/handler.go
index 54be1a16a6..71a874bb44 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -784,7 +784,13 @@ func (h *Handler) performOAuth2DeviceVerificationFlow(w http.ResponseWriter, r *
 // Update the OpenID Connect session if "openid" scope is granted
 if req.GetGrantedScopes().Has("openid") {
- err = h.r.OAuth2Storage().UpdateOpenIDConnectSessionByRequestID(ctx, f.DeviceCodeRequestID.String(), req)
+ err = h.r.OAuth2Storage().CreateOpenIDConnectSession(ctx, req.GetID(), req.Sanitize([]string{"grant_type",
+ "max_age",
+ "prompt",
+ "acr_values",
+ "id_token_hint",
+ "nonce",
+ }))
 if err != nil {
 x.LogError(r, err, h.r.Logger())
 h.r.Writer().WriteError(w, r, err)
diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
index a9c3d2a8a9..083e67ac5d 100644
--- a/persistence/sql/persister_oauth2.go
+++ b/persistence/sql/persister_oauth2.go
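Review bot: The new `CreateOpenIDConnectSession` call passes `req.GetID()` in the position the persister names `signature`, and nothing at the call site records that this flow stores the OpenID session under the request ID, so a reader cannot tell which key the later `GetOpenIDConnectSession` lookup must use. A comment above the call such as `// The device flow stores the OpenID session under the request ID, not an authorize-code signature.` would make that explicit. The create path also takes the row's expiry from `GetExpiresAt(fosite.AuthorizeCode)`, where the removed update used `fosite.IDToken`; if the device-flow session never sets an authorize-code expiry this may persist a zero time, which is worth confirming. The inline allow-list handed to `Sanitize` would read better as a named package-level variable with a comment saying that only these form fields are kept when the request is persisted. performOAuth2DeviceVerificationFlow starts and ends outside the hunk.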
@@ -499,30 +499,6 @@ func (p *Persister) CreateOpenIDConnectSession(ctx context.Context, signature st
 return p.createSession(ctx, signature, requester, sqlTableOpenID, requester.GetSession().GetExpiresAt(fosite.AuthorizeCode).UTC())
 }
-// UpdateOpenIDConnectSessionByRequestID updates an OpenID session by requestID
-func (p *Persister) UpdateOpenIDConnectSessionByRequestID(ctx context.Context, requestID string, requester fosite.Requester) (err error) {
- ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateOpenIDConnectSessionByRequestID")
- defer otelx.End(span, &err)
-
- req, err := p.sqlSchemaFromRequest(ctx, requestID, requester, sqlTableOpenID, requester.GetSession().GetExpiresAt(fosite.IDToken).UTC())
- if err != nil {
- return err
- }
-
- stmt := fmt.Sprintf(
- "UPDATE %s SET granted_scope=?, granted_audience=?, session_data=? WHERE request_id=? AND nid = ?",
- OAuth2RequestSQL{Table: sqlTableOpenID}.TableName(),
- )
-
- /* #nosec G201 table is static */
- err = p.Connection(ctx).RawQuery(stmt, req.GrantedScope, req.GrantedAudience, req.Session, requestID, p.NetworkID(ctx)).Exec()
- if err != nil {
- return sqlcon.HandleError(err)
- }
-
- return nil
-}
-
 func (p *Persister) GetOpenIDConnectSession(ctx context.Context, signature string, requester fosite.Requester) (_ fosite.Requester, err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetOpenIDConnectSession")
 defer otelx.End(span, &err)
diff --git a/x/fosite_storer.go b/x/fosite_storer.go
index dfb1603d27..c2fa1e0659 100644
--- a/x/fosite_storer.go
+++ b/x/fosite_storer.go
@@ -40,8 +40,6 @@ type FositeStorer interface {
 FlushInactiveRefreshTokens(ctx context.Context, notAfter time.Time, limit int, batchSize int) error
- UpdateOpenIDConnectSessionByRequestID(ctx context.Context, requestID string, requester fosite.Requester) error
-
 // DeleteOpenIDConnectSession deletes an OpenID Connect session.
 // This is duplicated from Ory Fosite to help against deprecation linting errors.
 DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error