Fix authentication for machine clients

New Hydra v2 doesn't return an empty sub, but rather nil. Using GetSub() should fix this so we can do an introspection and fill in userInfo.Sub
This commit is contained in:
Mustafa Gezen 2024-04-25 16:31:06 +02:00
parent eddab71ce8
commit b63cd8ff31
Signed by untrusted user who does not match committer: mustafa
GPG Key ID: DCDF010D946438C1

View File

@ -92,7 +92,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
if err != nil { if err != nil {
return ctx, err return ctx, err
} }
if *userInfo.Sub == "" && hydraAdmin != nil { if userInfo.GetSub() == "" && hydraAdmin != nil {
introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute() introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute()
if err != nil { if err != nil {
logrus.Errorf("error introspecting token: %s", err) logrus.Errorf("error introspecting token: %s", err)
@ -104,7 +104,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org") newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org")
userInfo.Email = &newEmail userInfo.Email = &newEmail
} }
if *userInfo.Sub == "" { if userInfo.GetSub() == "" {
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token") return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
} }