diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 4ba45baf84..65c1772d5a 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -224,7 +224,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
 if err != nil {
 return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
 }
- projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, clientID)
+ projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
 if err != nil {
 return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
 }
@@ -283,7 +283,7 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
 }
 
 func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles []string) (map[string]map[string]string, error) {
- projectID, err := o.query.ProjectIDFromOIDCClientID(ctx, applicationID)
+ projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID)
 if err != nil {
 return nil, err
 }
diff --git a/internal/auth/repository/eventsourcing/eventstore/application.go b/internal/auth/repository/eventsourcing/eventstore/application.go
index 2a13c31ef2..ad1050aecd 100644
--- a/internal/auth/repository/eventsourcing/eventstore/application.go
+++ b/internal/auth/repository/eventsourcing/eventstore/application.go
@@ -17,7 +17,7 @@ func (a *ApplicationRepo) AuthorizeClientIDSecret(ctx context.Context, clientID,
 ctx, span := tracing.NewSpan(ctx)
 defer func() { span.EndWithError(err) }()
 
- app, err := a.Query.AppByOIDCClientID(ctx, clientID)
+ app, err := a.Query.AppByClientID(ctx, clientID)
 if err != nil {
 return err
 }
diff --git a/internal/query/app.go b/internal/query/app.go
index 17fef1f7a4..0b716410af 100644
--- a/internal/query/app.go
+++ b/internal/query/app.go
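Review bot: The `err` returned by the client lookup in SetIntrospectionFromToken is discarded, because the branch right after the changed line passes `nil` as the first argument of `errors.ThrowPermissionDenied`; a database or statement failure in the query is therefore reported exactly like an unknown client. Giving the caller one uniform answer is reasonable for an introspection endpoint, but the cause should survive for operators. If the first argument is the parent error and is not rendered to the client (not visible in this diff), `return errors.ThrowPermissionDenied(err, "OIDC-Adfg5", "client not found")` would keep it; otherwise log `err` before returning. The function starts and ends outside the hunk.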
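Review bot: After this lookup in AuthorizeClientIDSecret, `app` can be an API application as well as an OIDC one, and the secret verification that follows is outside the hunk, so it cannot be confirmed here that it picks the verifier by application type and fails closed when neither config is present. I would add a comment above the lookup: `// app may be an OIDC or an API application; verify the secret against the config that is set and reject apps that have neither`. If the code below still assumes an OIDC config, an API client would reach it with that assumption unmet.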
@@ -230,6 +230,19 @@ func (q *Queries) AppByID(ctx context.Context, appID string) (*App, error) {
 }
 
 func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (string, error) {
+ stmt, scan := prepareProjectIDByAppQuery()
+ query, args, err := stmt.Where(
+ sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
+ ).ToSql()
+ if err != nil {
+ return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
+ }
+
+ row := q.client.QueryRowContext(ctx, query, args...)
+ return scan(row)
+}
+
+func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (string, error) {
 stmt, scan := prepareProjectIDByAppQuery()
 query, args, err := stmt.Where(
 sq.Or{
@@ -238,7 +251,7 @@ func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (
 },
 ).ToSql()
 if err != nil {
- return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
+ return "", errors.ThrowInternal(err, "QUERY-SDfg3", "Errors.Query.SQLStatement")
 }
 
 row := q.client.QueryRowContext(ctx, query, args...)
@@ -273,6 +286,22 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (*App,
 return scan(row)
 }
 
+func (q *Queries) AppByClientID(ctx context.Context, clientID string) (*App, error) {
+ stmt, scan := prepareAppQuery()
+ query, args, err := stmt.Where(
+ sq.Or{
+ sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
+ sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
+ },
+ ).ToSql()
+ if err != nil {
+ return nil, errors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
+ }
+
+ row := q.client.QueryRowContext(ctx, query, args...)
+ return scan(row)
+}
+
 func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*Apps, error) {
 query, scan := prepareAppsQuery()
 stmt, args, err := queries.toQuery(query).ToSql()
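Review bot: Both `ProjectIDFromOIDCClientID` and the new `ProjectIDFromClientID` name their parameter `appID`, although the value is matched against a client ID column rather than an application ID; renaming it to `clientID`, as AppByClientID already does, makes it harder for a caller to pass the wrong identifier into an authorization lookup. The two exported methods also have no doc comments; I would add `// ProjectIDFromOIDCClientID returns the project ID of the app whose OIDC config has the given client ID.` and a matching line for `ProjectIDFromClientID` that names every column its `sq.Or` filter covers (the conditions fall between hunks and are not shown). Neither call site changed in this diff still uses the OIDC-only variant, so it is worth checking that it has remaining callers. The body of ProjectIDFromClientID continues past the hunk.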
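Review bot: AppByClientID matches the client ID against two different config columns with `sq.Or` and then reads a single row through `QueryRowContext`, so if the same client ID can exist on both an OIDC and an API application, the app returned is whichever row the database yields first. This commit feeds that result into AuthorizeClientIDSecret, where the ambiguity would decide which application's secret is checked; whether uniqueness across both config types is enforced is not visible in this diff. I would state the assumption in a doc comment, `// AppByClientID returns the app whose OIDC or API config has the given client ID; client IDs are assumed unique across both config types.`, and confirm it against the schema or the ID generator. ProjectIDFromClientID in the first hunk of this file opens the same kind of `sq.Or` filter and would share the concern.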