
Commit 5b106aa

authored
fix: wrap authorize response in transaction (#3763)
1 parent d5eee06 commit 5b106aa


1 file changed

+26
-21
lines changed

1 file changed

+26
-21
lines changed

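--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -1126,31 +1126,36 @@ func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ http
 claims.Add("sid", session.ConsentRequest.LoginSessionID)
 
 // done
-response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{
-DefaultSession: &openid.DefaultSession{
-Claims: claims,
-Headers: &jwt.Headers{Extra: map[string]interface{}{
-// required for lookup on jwk endpoint
-"kid": openIDKeyID,
-}},
-Subject: session.ConsentRequest.Subject,
-},
-Extra: session.Session.AccessToken,
-KID: accessTokenKeyID,
-ClientID: authorizeRequest.GetClient().GetID(),
-ConsentChallenge: session.ID,
-ExcludeNotBeforeClaim: h.c.ExcludeNotBeforeClaim(ctx),
-AllowedTopLevelClaims: h.c.AllowedTopLevelClaims(ctx),
-MirrorTopLevelClaims: h.c.MirrorTopLevelClaims(ctx),
-Flow: flow,
-})
-if err != nil {
+if err := h.r.Persister().Transaction(ctx, func(ctx context.Context, _ *pop.Connection) error {
+response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{
+DefaultSession: &openid.DefaultSession{
+Claims: claims,
+Headers: &jwt.Headers{Extra: map[string]interface{}{
+// required for lookup on jwk endpoint
+"kid": openIDKeyID,
+}},
+Subject: session.ConsentRequest.Subject,
+},
+Extra: session.Session.AccessToken,
+KID: accessTokenKeyID,
+ClientID: authorizeRequest.GetClient().GetID(),
+ConsentChallenge: session.ID,
+ExcludeNotBeforeClaim: h.c.ExcludeNotBeforeClaim(ctx),
+AllowedTopLevelClaims: h.c.AllowedTopLevelClaims(ctx),
+MirrorTopLevelClaims: h.c.MirrorTopLevelClaims(ctx),
+Flow: flow,
+})
+if err != nil {
+return err
+}
+
+h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response)
+return nil
+}); err != nil {
 x.LogError(r, err, h.r.Logger())
 h.writeAuthorizeError(w, r, authorizeRequest, err)
 return
 }
-
-h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response)
 }
 
 // Delete OAuth 2.0 Access Token Parameters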
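Review bot: WriteAuthorizeResponse is now called inside the transaction callback (new line 1152), i.e. before the transaction has committed, so if the commit fails after the callback returns nil the redirect carrying the authorization code has already gone to the user agent, and the error branch then calls writeAuthorizeError on a ResponseWriter whose headers are already written. The end user is left holding a code that presumably was never persisted, and the second write can only produce a superfluous WriteHeader rather than a usable error page; whether Persister().Transaction commits after the callback returns is inferred from its name, not visible here. I would keep the transaction around NewAuthorizeResponse only: declare `var response fosite.AuthorizeResponder` before the Transaction call, assign with `response, err = h.r.OAuth2Provider().NewAuthorizeResponse(...)` inside the callback, and move `h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response)` to after the `if ... err != nil { ... return }` block so the response is written only once the transaction has committed. Note that the callback's `ctx` parameter shadows the request context, so the moved write would use the outer ctx, which is what the old code did. oAuth2Authorize starts outside the hunk.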
