fix(oidc): return clients without instance settings (#7036)

2025-08-12 03:37:34 +00:00 · 2023-12-07 11:43:45 +02:00
parent fb235d7ea1
commit 2e505f40f9
12 changed files with 126 additions and 39 deletions
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -122,19 +122,21 @@ func NewServer(
 	}

 	server := &Server{
-		LegacyServer:        op.NewLegacyServer(provider, endpoints(config.CustomEndpoints)),
-		features:            config.Features,
-		repo:                repo,
-		query:               query,
-		command:             command,
-		keySet:              newKeySet(context.TODO(), time.Hour, query.GetActivePublicKeyByID),
-		defaultLoginURL:     fmt.Sprintf("%s%s?%s=", login.HandlerPrefix, login.EndpointLogin, login.QueryAuthRequestID),
-		defaultLoginURLV2:   config.DefaultLoginURLV2,
-		defaultLogoutURLV2:  config.DefaultLogoutURLV2,
-		fallbackLogger:      fallbackLogger,
-		hashAlg:             crypto.NewBCrypt(10), // as we are only verifying in oidc, the cost is already part of the hash string and the config here is irrelevant.
-		signingKeyAlgorithm: config.SigningKeyAlgorithm,
-		assetAPIPrefix:      assets.AssetAPI(externalSecure),
+		LegacyServer:               op.NewLegacyServer(provider, endpoints(config.CustomEndpoints)),
+		features:                   config.Features,
+		repo:                       repo,
+		query:                      query,
+		command:                    command,
+		keySet:                     newKeySet(context.TODO(), time.Hour, query.GetActivePublicKeyByID),
+		defaultLoginURL:            fmt.Sprintf("%s%s?%s=", login.HandlerPrefix, login.EndpointLogin, login.QueryAuthRequestID),
+		defaultLoginURLV2:          config.DefaultLoginURLV2,
+		defaultLogoutURLV2:         config.DefaultLogoutURLV2,
+		defaultAccessTokenLifetime: config.DefaultAccessTokenLifetime,
+		defaultIdTokenLifetime:     config.DefaultIdTokenLifetime,
+		fallbackLogger:             fallbackLogger,
+		hashAlg:                    crypto.NewBCrypt(10), // as we are only verifying in oidc, the cost is already part of the hash string and the config here is irrelevant.
+		signingKeyAlgorithm:        config.SigningKeyAlgorithm,
+		assetAPIPrefix:             assets.AssetAPI(externalSecure),
 	}
 	metricTypes := []metrics.MetricType{metrics.MetricTypeRequestCount, metrics.MetricTypeStatusCode, metrics.MetricTypeTotalCount}
 	server.Handler = op.RegisterLegacyServer(server, op.WithHTTPMiddleware(