fix: remove transient oidc session after use

ory · Apr 3, 2024 · 6e3f5b6 · 6e3f5b6
1 parent 1f27af4
commit 6e3f5b6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/handler/openid/flow_explicit_token.go b/handler/openid/flow_explicit_token.go
@@ -22,15 +22,18 @@ func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context
 		return errorsx.WithStack(fosite.ErrUnknownRequest)
 	}
 
-	authorizeCode := requester.GetRequestForm().Get("code")
-
-	authorize, err := c.OpenIDConnectRequestStorage.GetOpenIDConnectSession(ctx, authorizeCode, requester)
+	code := requester.GetRequestForm().Get("code")
+	authorize, err := c.OpenIDConnectRequestStorage.GetOpenIDConnectSession(ctx, code, requester)
 	if errors.Is(err, ErrNoSessionFound) {
 		return errorsx.WithStack(fosite.ErrUnknownRequest.WithWrap(err).WithDebug(err.Error()))
 	} else if err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}
 
+	if err := c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, code); err != nil {
+		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
+	}
+
 	if !authorize.GetGrantedScopes().Has("openid") {
 		return errorsx.WithStack(fosite.ErrMisconfiguration.WithDebug("An OpenID Connect session was found but the openid scope is missing, probably due to a broken code configuration."))
 	}

diff --git a/handler/openid/storage.go b/handler/openid/storage.go
@@ -22,6 +22,6 @@ type OpenIDConnectRequestStorage interface {
 	// - or an arbitrary error if an error occurred.
 	GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)
 
-	// DeleteOpenIDConnectSession removes an open id connect session from the store.
+	// DeleteOpenIDConnectSession removes the OpenID Connect Session from the store.
 	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
 }