fix: improve login_hint usage on IDPs (#6899)

* only set prompt if no login_hint is set * update to current state and cleanup
2025-08-12 01:47:33 +00:00 · 2023-11-13 10:25:26 +02:00
parent 42a2c0093d
commit 0386fe7f96
8 changed files with 85 additions and 59 deletions
--- a/internal/idp/providers/jwt/jwt.go
+++ b/internal/idp/providers/jwt/jwt.go
@@ -91,13 +91,10 @@ func (p *Provider) Name() string {
 // BeginAuth implements the [idp.Provider] interface.
 // It will create a [Session] with an AuthURL, pointing to the jwtEndpoint
 // with the authRequest and encrypted userAgent ids.
-func (p *Provider) BeginAuth(ctx context.Context, state string, params ...any) (idp.Session, error) {
-	if len(params) < 1 {
-		return nil, ErrMissingUserAgentID
-	}
-	userAgentID, ok := params[0].(string)
-	if !ok {
-		return nil, ErrMissingUserAgentID
+func (p *Provider) BeginAuth(ctx context.Context, state string, params ...idp.Parameter) (idp.Session, error) {
+	userAgentID, err := userAgentIDFromParams(params...)
+	if err != nil {
+		return nil, err
 	}
 	redirect, err := url.Parse(p.jwtEndpoint)
 	if err != nil {
@@ -114,6 +111,15 @@ func (p *Provider) BeginAuth(ctx context.Context, state string, params ...any) (
 	return &Session{AuthURL: redirect.String()}, nil
 }

+func userAgentIDFromParams(params ...idp.Parameter) (string, error) {
+	for _, param := range params {
+		if id, ok := param.(idp.UserAgentID); ok {
+			return string(id), nil
+		}
+	}
+	return "", ErrMissingUserAgentID
+}
+
 // IsLinkingAllowed implements the [idp.Provider] interface.
 func (p *Provider) IsLinkingAllowed() bool {
 	return p.isLinkingAllowed
--- a/internal/idp/providers/jwt/jwt_test.go
+++ b/internal/idp/providers/jwt/jwt_test.go
@@ -23,7 +23,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
 	}
 	type args struct {
-		params []any
+		params []idp.Parameter
 	}
 	type want struct {
 		session idp.Session
@@ -55,28 +55,6 @@ func TestProvider_BeginAuth(t *testing.T) {
 				},
 			},
 		},
-		{
-			name: "invalid userAgentID error",
-			fields: fields{
-				issuer:       "https://jwt.com",
-				jwtEndpoint:  "https://auth.com/jwt",
-				keysEndpoint: "https://jwt.com/keys",
-				headerName:   "jwt-header",
-				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
-					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
-				},
-			},
-			args: args{
-				params: []any{
-					0,
-				},
-			},
-			want: want{
-				err: func(err error) bool {
-					return errors.Is(err, ErrMissingUserAgentID)
-				},
-			},
-		},
 		{
 			name: "successful auth",
 			fields: fields{
@@ -89,8 +67,8 @@ func TestProvider_BeginAuth(t *testing.T) {
 				},
 			},
 			args: args{
-				params: []any{
-					"agent",
+				params: []idp.Parameter{
+					idp.UserAgentID("agent"),
 				},
 			},
 			want: want{