From f39ff13acb21ba2fe433b7a1cd5f4336a39dfb8f Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Thu, 16 Sep 2021 10:07:48 +0200
Subject: [PATCH] fix: check get origins and projectID only for tokens with clientID (#2378)
---
 internal/api/authz/context.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/internal/api/authz/context.go b/internal/api/authz/context.go
index 8e1b9f74a4..5855a13065 100644
--- a/internal/api/authz/context.go
+++ b/internal/api/authz/context.go
@@ -73,9 +73,13 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *To
 if err != nil {
 return CtxData{}, err
 }
- projectID, origins, err := t.ProjectIDAndOriginsByClientID(ctx, clientID)
- if err != nil {
- return CtxData{}, errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid")
+ var projectID string
+ var origins []string
+ if clientID != "" {
+ projectID, origins, err = t.ProjectIDAndOriginsByClientID(ctx, clientID)
+ if err != nil {
+ return CtxData{}, errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid")
+ }
 }
 if err := checkOrigin(ctx, origins); err != nil {
 return CtxData{}, err
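Review bot: When `clientID` is empty, `origins` stays nil and still reaches `checkOrigin(ctx, origins)` right after the new `if clientID != "" {` block, so whether client-less tokens are origin-restricted now depends on how `checkOrigin` treats an empty list, which this hunk does not show. If an empty list means "allow", such tokens are accepted from any browser origin; if it means "deny", every request carrying an Origin header fails. Either way the choice should be explicit, for example with a comment above the branch such as `// no clientID: no project and no origin allow-list; checkOrigin sees nil origins`, plus a test for the empty-clientID path. `projectID` is also left as "" there, so any later check that compares project IDs should not treat the empty value as a match. The body of VerifyTokenAndCreateCtxData starts and ends outside the hunk.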