From 645aa19a68874cbf0ae04c761394f7f9110afe3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 18 Aug 2023 15:00:03 +0200
Subject: [PATCH] fix(op): check if getTokenIDAndClaims succeeded

When getTokenIDAndClaims didn't succeed,
so `ok` would be false.
This was ignored and the accessTokenClaims.Claims call would panic.
---
 pkg/op/token_exchange.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/op/token_exchange.go b/pkg/op/token_exchange.go
index 055ff13..5a2387d 100644
--- a/pkg/op/token_exchange.go
+++ b/pkg/op/token_exchange.go
@@ -282,6 +282,9 @@ func GetTokenIDAndSubjectFromToken(
 	case oidc.AccessTokenType:
 		var accessTokenClaims *oidc.AccessTokenClaims
 		tokenIDOrToken, subject, accessTokenClaims, ok = getTokenIDAndClaims(ctx, exchanger, token)
+		if !ok {
+			break
+		}
 		claims = accessTokenClaims.Claims
 	case oidc.RefreshTokenType:
 		refreshTokenRequest, err := exchanger.Storage().TokenRequestByRefreshToken(ctx, token)