fix: incorrect context passthrough

ory · Aug 11, 2023 · 7ca5f8b · 7ca5f8b
1 parent 19212a3
commit 7ca5f8b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/client/validator.go b/client/validator.go
@@ -10,13 +10,13 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/hashicorp/go-retryablehttp"
+
 	"github.com/ory/herodot"
 	"github.com/ory/hydra/v2/driver/config"
 	"github.com/ory/hydra/v2/x"
-	"github.com/ory/x/ipx"
-
 	"github.com/ory/x/errorsx"
-
+	"github.com/ory/x/ipx"
 	"github.com/ory/x/stringslice"
 )
 
@@ -213,7 +213,11 @@ func (v *Validator) ValidateSectorIdentifierURL(ctx context.Context, location st
 		return errorsx.WithStack(ErrInvalidClientMetadata.WithDebug("Value sector_identifier_uri must be an HTTPS URL but it is not."))
 	}
 
-	response, err := v.r.HTTPClient(ctx).Get(location)
+	req, err := retryablehttp.NewRequestWithContext(ctx, "GET", location, nil)
+	if err != nil {
+		return errorsx.WithStack(ErrInvalidClientMetadata.WithDebugf("Value sector_identifier_uri must be an HTTPS URL but it is not: %s", err.Error()))
+	}
+	response, err := v.r.HTTPClient(ctx).Do(req)
 	if err != nil {
 		return errorsx.WithStack(ErrInvalidClientMetadata.WithDebug(fmt.Sprintf("Unable to connect to URL set by sector_identifier_uri: %s", err)))
 	}

diff --git a/consent/strategy_default.go b/consent/strategy_default.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/gorilla/sessions"
+	"github.com/hashicorp/go-retryablehttp"
 	"github.com/pborman/uuid"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -773,12 +774,21 @@ func (s *DefaultStrategy) executeBackChannelLogout(ctx context.Context, r *http.
 		tasks = append(tasks, task{url: c.BackChannelLogoutURI, clientID: c.GetID(), token: t})
 	}
 
-	var execute = func(t task) {
+	span := trace.SpanFromContext(ctx)
+	cl := s.r.HTTPClient(ctx)
+	execute := func(t task) {
 		log := s.r.Logger().WithRequest(r).
 			WithField("client_id", t.clientID).
 			WithField("backchannel_logout_url", t.url)
 
-		res, err := s.r.HTTPClient(ctx).PostForm(t.url, url.Values{"logout_token": {t.token}})
+		body := url.Values{"logout_token": {t.token}}.Encode()
+		req, err := retryablehttp.NewRequestWithContext(trace.ContextWithSpan(context.Background(), span), "POST", t.url, []byte(body))
+		if err != nil {
+			log.WithError(err).Error("Unable to construct OpenID Connect Back-Channel Logout Request")
+			return
+		}
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+		res, err := cl.Do(req)
 		if err != nil {
 			log.WithError(err).Error("Unable to execute OpenID Connect Back-Channel Logout Request")
 			return