From 4ca50e08021e51c22bb3df836fa198ce16382dcb Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 21 Mar 2023 08:59:44 +0100
Subject: [PATCH] fix: check for empty applicationID on assertRoles (#5509)

* fix: check for empty applicationID on assertRoles

* remove unintended added file
---
 internal/api/oidc/client.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 80dad0aec4..1412d40fab 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -635,6 +635,9 @@ func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, userG
 }
 
 func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles []string) (*query.UserGrants, map[string]map[string]string, error) {
+	if applicationID == "" || len(requestedRoles) == 0 {
+		return nil, nil, nil
+	}
 	projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID, false)
 	if err != nil {
 		return nil, nil, err