fix: error handling to prevent panics (#8248)

# Which Problems Are Solved

We found multiple cases where either the error was not properly handled,
which led to panics.

# How the Problems Are Solved

Handle the errors.

# Additional Changes

None.

# Additional Context

- noticed internally

internal/api/oidc/auth_request.go

@@ -513,6 +513,11 @@ func (s *Server) authorizeCallbackHandler(w http.ResponseWriter, r *http.Request
 		return authReq, s.authResponse(authReq, authorizer, w, r)
 	}(r.Context())
 	if err != nil {
+		// we need to make sure there's no empty interface passed
+		if authReq == nil {
+			op.AuthRequestError(w, r, nil, err, authorizer)
+			return
+		}
 		op.AuthRequestError(w, r, authReq, err, authorizer)
 	}
 }

internal/api/oidc/userinfo.go

@@ -111,6 +111,9 @@ func (s *Server) userInfo(
 			}
 			rawUserInfo = userInfoToOIDC(qu, userInfoAssertion, scope, s.assetAPIPrefix(ctx))
 		})
+		if err != nil {
+			return nil, err
+		}
 		// copy the userinfo to make sure the assert roles and actions use their own copy (e.g. map)
 		userInfo := &oidc.UserInfo{
 			Subject:         rawUserInfo.Subject,