cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(op): allow expired id token hints in authorize (#527)

Browse source 
Like https://github.com/zitadel/oidc/pull/522 for end session,
this change allows passing an expired ID token hint to the authorize endpoint.
This commit is contained in:
Tim Möhlmann 2024-02-01 14:49:22 +02:00 committed by GitHub
parent 35d9540fd7
commit 045b59e5a5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/op/auth_request.go
View file

@ -391,9 +391,9 @@ func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifie
return "", nil
}
claims, err := VerifyIDTokenHint[*oidc.TokenClaims](ctx, idTokenHint, verifier)
if err != nil {
if err != nil && !errors.As(err, &IDTokenHintExpiredError{}) {
return "", oidc.ErrLoginRequired().WithDescription("The id_token_hint is invalid. " +
"If you have any questions, you may contact the administrator of the application.")
"If you have any questions, you may contact the administrator of the application.").WithParent(err)
}
return claims.GetSubject(), nil
}