Fixed token fetch from IDP

server: fix error reporting and logic for /keys handler

internal/flows/jwt_bearer.go

@@ -51,6 +51,9 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
 	if client == nil {
 		return "", fmt.Errorf("invalid client (client is nil)")
 	}
+	if verbose {
+		fmt.Printf("ID token (IDP): %s\n access token (IDP): %s", accessToken, idToken)
+	}
 	if accessToken != "" {
 		_, err := jws.Verify([]byte(accessToken), jws.WithKeySet(client.Provider.KeySet), jws.WithValidateKey(true))
 		if err != nil {

internal/oauth/authenticate.go

@@ -109,12 +109,14 @@ func (client *Client) FetchTokenFromAuthenticationServer(code string, state stri
 	}
 	res, err := http.PostForm(client.Provider.Endpoints.Token, body)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get ID token: %s", err)
+		return nil, fmt.Errorf("failed to get ID token: %v", err)
 	}
+	b, err := io.ReadAll(res.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read response body: %v", err)
+	}
+	fmt.Printf("%s\n", string(b))
 	defer res.Body.Close()
 
-	// domain, _ := url.Parse("http://127.0.0.1")
+	return b, nil
-	// client.Jar.SetCookies(domain, res.Cookies())
-
-	return io.ReadAll(res.Body)
 }

internal/server/server.go

@@ -141,38 +141,47 @@ func (s *Server) StartLogin(clients []oauth.Client, params ServerParams) error {
 			p    = params.AuthProvider
 			jwks []byte
 		)
-		// try and get the JWKS from param first
+
-		if p.Endpoints.JwksUri != "" {
+		fetchAndMarshal := func() (err error) {
-			err := p.FetchJwks()
+			err = p.FetchJwks()
 			if err != nil {
-				fmt.Printf("failed to fetch keys using JWKS url...trying to fetch config and try again...\n")
+				fmt.Printf("failed to fetch keys: %v\n", err)
+				return
 			}
 			jwks, err = json.Marshal(p.KeySet)
 			if err != nil {
 				fmt.Printf("failed to marshal JWKS: %v\n", err)
 			}
-		} else if p.Endpoints.Config != "" && jwks == nil {
-			// otherwise, try and fetch the whole config and try again
-			err := p.FetchServerConfig()
-			if err != nil {
-				fmt.Printf("failed to fetch server config: %v\n", err)
-				http.Redirect(w, r, "/error", http.StatusInternalServerError)
 			return
 		}
-			err = p.FetchJwks()
+
-			if err != nil {
+		// try and get the JWKS from param first
-				fmt.Printf("failed to fetch JWKS after fetching server config: %v\n", err)
+		if p.Endpoints.JwksUri != "" {
-				http.Redirect(w, r, "/error", http.StatusInternalServerError)
+			if err := fetchAndMarshal(); err != nil {
+				w.Write(jwks)
 				return
 			}
 		}
 
-		// forward the JWKS from the authorization server
+		// otherwise or if fetching the JWKS failed, try and fetch the whole config first and try again
-		if jwks == nil {
+		if p.Endpoints.Config != "" {
-			fmt.Printf("no JWKS was fetched from authorization server\n")
+			if err := p.FetchServerConfig(); err != nil {
-			http.Redirect(w, r, "/error", http.StatusInternalServerError)
+				fmt.Printf("failed to fetch server config: %v\n", err)
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 				return
 			}
+		} else {
+			fmt.Printf("getting JWKS from param failed and endpoints config unavailable\n")
+			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		}
+
+		if err := fetchAndMarshal(); err != nil {
+			fmt.Printf("failed to fetch and marshal JWKS after config update: %v\n", err)
+			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			return
+		}
+
 		w.Write(jwks)
 	})
 	r.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {