fix: improve login_hint usage on IDPs (#6899)

* only set prompt if no login_hint is set * update to current state and cleanup
2025-08-12 06:07:33 +00:00 · 2023-11-13 10:25:26 +02:00
parent 42a2c0093d
commit 0386fe7f96
8 changed files with 85 additions and 59 deletions
--- a/internal/idp/providers/jwt/jwt.go
+++ b/internal/idp/providers/jwt/jwt.go
@@ -91,13 +91,10 @@ func (p *Provider) Name() string {
 // BeginAuth implements the [idp.Provider] interface.
 // It will create a [Session] with an AuthURL, pointing to the jwtEndpoint
 // with the authRequest and encrypted userAgent ids.
-func (p *Provider) BeginAuth(ctx context.Context, state string, params ...any) (idp.Session, error) {
-	if len(params) < 1 {
-		return nil, ErrMissingUserAgentID
-	}
-	userAgentID, ok := params[0].(string)
-	if !ok {
-		return nil, ErrMissingUserAgentID
+func (p *Provider) BeginAuth(ctx context.Context, state string, params ...idp.Parameter) (idp.Session, error) {
+	userAgentID, err := userAgentIDFromParams(params...)
+	if err != nil {
+		return nil, err
 	}
 	redirect, err := url.Parse(p.jwtEndpoint)
 	if err != nil {
@@ -114,6 +111,15 @@ func (p *Provider) BeginAuth(ctx context.Context, state string, params ...any) (
 	return &Session{AuthURL: redirect.String()}, nil
 }

+func userAgentIDFromParams(params ...idp.Parameter) (string, error) {
+	for _, param := range params {
+		if id, ok := param.(idp.UserAgentID); ok {
+			return string(id), nil
+		}
+	}
+	return "", ErrMissingUserAgentID
+}
+
 // IsLinkingAllowed implements the [idp.Provider] interface.
 func (p *Provider) IsLinkingAllowed() bool {
 	return p.isLinkingAllowed