mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-20 03:27:02 -07:00
server: fix error reporting and logic for /keys handler
restores proper error reporting to include the host dialed, and fixes the tautological comparison `jwks == nil` in the recovery path to properly refetch the server config and try again as intended
This commit is contained in:
Tiziano Müller
parent
e929fac09e
commit
b304361ce9
1 changed files with 29 additions and 20 deletions
|
|
@ -141,38 +141,47 @@ func (s *Server) StartLogin(clients []oauth.Client, params ServerParams) error {
|
||||||
p = params.AuthProvider
|
p = params.AuthProvider
|
||||||
jwks []byte
|
jwks []byte
|
||||||
)
|
)
|
||||||
// try and get the JWKS from param first
|
|
||||||
if p.Endpoints.JwksUri != "" {
|
fetchAndMarshal := func() (err error) {
|
||||||
err := p.FetchJwks()
|
err = p.FetchJwks()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("failed to fetch keys using JWKS url...trying to fetch config and try again...\n")
|
fmt.Printf("failed to fetch keys: %v\n", err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
jwks, err = json.Marshal(p.KeySet)
|
jwks, err = json.Marshal(p.KeySet)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("failed to marshal JWKS: %v\n", err)
|
fmt.Printf("failed to marshal JWKS: %v\n", err)
|
||||||
}
|
}
|
||||||
} else if p.Endpoints.Config != "" && jwks == nil {
|
|
||||||
// otherwise, try and fetch the whole config and try again
|
|
||||||
err := p.FetchServerConfig()
|
|
||||||
if err != nil {
|
|
||||||
fmt.Printf("failed to fetch server config: %v\n", err)
|
|
||||||
http.Redirect(w, r, "/error", http.StatusInternalServerError)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = p.FetchJwks()
|
|
||||||
if err != nil {
|
// try and get the JWKS from param first
|
||||||
fmt.Printf("failed to fetch JWKS after fetching server config: %v\n", err)
|
if p.Endpoints.JwksUri != "" {
|
||||||
http.Redirect(w, r, "/error", http.StatusInternalServerError)
|
if err := fetchAndMarshal(); err != nil {
|
||||||
|
w.Write(jwks)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// forward the JWKS from the authorization server
|
// otherwise or if fetching the JWKS failed, try and fetch the whole config first and try again
|
||||||
if jwks == nil {
|
if p.Endpoints.Config != "" {
|
||||||
fmt.Printf("no JWKS was fetched from authorization server\n")
|
if err := p.FetchServerConfig(); err != nil {
|
||||||
http.Redirect(w, r, "/error", http.StatusInternalServerError)
|
fmt.Printf("failed to fetch server config: %v\n", err)
|
||||||
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
fmt.Printf("getting JWKS from param failed and endpoints config unavailable\n")
|
||||||
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := fetchAndMarshal(); err != nil {
|
||||||
|
fmt.Printf("failed to fetch and marshal JWKS after config update: %v\n", err)
|
||||||
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
w.Write(jwks)
|
w.Write(jwks)
|
||||||
})
|
})
|
||||||
r.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
|
r.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue