diff --git a/internal/handlers/handler_oidc_token.go b/internal/handlers/handler_oidc_token.go index bda2205ae..d8efdae23 100644 --- a/internal/handlers/handler_oidc_token.go +++ b/internal/handlers/handler_oidc_token.go @@ -44,6 +44,8 @@ func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter } } + ctx.Logger.Tracef("Access Request with id '%s' on client with id '%s' response is being generated for session with type '%T'", requester.GetID(), client.GetID(), requester.GetSession()) + if responder, err = ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, requester); err != nil { rfc := fosite.ErrorToRFC6749Error(err) diff --git a/internal/model/oidc.go b/internal/model/oidc.go index d20b4cc8e..845790e5d 100644 --- a/internal/model/oidc.go +++ b/internal/model/oidc.go @@ -4,7 +4,6 @@ import ( "context" "crypto/sha256" "encoding/json" - "errors" "fmt" "net/url" "time" @@ -40,23 +39,27 @@ func NewOAuth2ConsentSession(subject NullUUID, r fosite.Requester) (consent *OAu func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error) { var ( subject string - openidSession *OpenIDSession - sessData []byte + sessionOpenID *OpenIDSession + sessionData []byte ) - openidSession = r.GetSession().(*OpenIDSession) - if openidSession == nil { - return nil, errors.New("unexpected session type") + s := r.GetSession() + + switch t := s.(type) { + case *OpenIDSession: + sessionOpenID = t + default: + return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s) } - subject = openidSession.GetSubject() + subject = sessionOpenID.GetSubject() - if sessData, err = json.Marshal(openidSession); err != nil { + if sessionData, err = json.Marshal(sessionOpenID); err != nil { return nil, err } return &OAuth2Session{ - ChallengeID: openidSession.ChallengeID, + ChallengeID: sessionOpenID.ChallengeID, RequestID: r.GetID(), ClientID: r.GetClient().GetID(), Signature: signature, @@ -69,7 +72,7 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session Active: true, Revoked: false, Form: r.GetRequestForm().Encode(), - Session: sessData, + Session: sessionData, }, nil }