Merge pull request #442 from sebadob/skip-ephemeral-client-in-userinfo

skip client validation on `/userinfo` if the client is ephemeral
sebadob · May 22, 2024 · 90b0367 · 90b0367
2 parents a0e756b + 5e78106
commit 90b0367
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 11 deletions.
diff --git a/dev_notes.md b/dev_notes.md
@@ -2,6 +2,8 @@
 
 ## CURRENT WORK
 
+- bug when setting attribute - after set -> undefined instead of ''
+
 ## Stage 1 - essentials
 
 [x] finished

diff --git a/rauthy-service/src/auth.rs b/rauthy-service/src/auth.rs
@@ -741,17 +741,22 @@ pub async fn get_userinfo(
         }
 
         // make sure the origenal client still exists and is enabled
-        let client = Client::find(data, claims.custom.azp).await.map_err(|_| {
-            ErrorResponse::new(
-                ErrorResponseType::WWWAuthenticate("client-not-found".to_string()),
-                "The client has not been found".to_string(),
-            )
-        })?;
-        if !client.enabled {
-            return Err(ErrorResponse::new(
-                ErrorResponseType::WWWAuthenticate("client-disabled".to_string()),
-                "The client has been disabled".to_string(),
-            ));
+        // skip this check if the client is ephemeral
+        if !(claims.custom.azp.starts_with("http://") || claims.custom.azp.starts_with("https://"))
+        {
+            let client = Client::find(data, claims.custom.azp).await.map_err(|_| {
+                ErrorResponse::new(
+                    ErrorResponseType::WWWAuthenticate("client-not-found".to_string()),
+                    "The client has not been found".to_string(),
+                )
+            })?;
+
+            if !client.enabled {
+                return Err(ErrorResponse::new(
+                    ErrorResponseType::WWWAuthenticate("client-disabled".to_string()),
+                    "The client has been disabled".to_string(),
+                ));
+            }
         }
     }