fix: client_id private_key_jwt

vdbulcke · Dec 21, 2024 · e048ec2 · e048ec2
1 parent 4942b63
commit e048ec2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/src/client/introspect.go b/src/client/introspect.go
@@ -145,6 +145,7 @@ func (c *OIDCClient) generateIntrospectRequest(token string) (*http.Request, err
 		c.logger.Debug("introspect setting client_assertion", "jwt", signedJwt)
 		introspectParamValues.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 		introspectParamValues.Set("client_assertion", signedJwt)
+		introspectParamValues.Set("client_id", c.config.ClientID)
 
 	}
 

diff --git a/src/client/par.go b/src/client/par.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 )
 
@@ -173,7 +174,8 @@ func (c *OIDCClient) generatePARRequest(codeChallenge string, nonce string, stat
 			// syntax containing the "openid" scope value to indicate to the
 			// underlying OAuth 2.0 logic that this is an OpenID Connect request.
 
-			paramToKeep = append(paramToKeep, "client_id", "response_type")
+			paramToKeep = append(paramToKeep, "response_type")
+			paramToKeep = append(paramToKeep, "client_id")
 
 			if strings.Contains(scopes, "openid") {
 				paramToKeep = append(paramToKeep, "scope", "redirect_uri")
@@ -189,11 +191,11 @@ func (c *OIDCClient) generatePARRequest(codeChallenge string, nonce string, stat
 		c.logger.Debug("generated request jwt", "request", signedJwt)
 		parRequestBody["request"] = signedJwt
 
-		//nolint
-		for k := range parRequestBody {
+		for k, _ := range parRequestBody {
 			// not an allowed parameter
 			// delete from request
-			if !stringInSlice(k, paramToKeep) {
+			// if !stringInSlice(k, paramToKeep) {
+			if !slices.Contains(paramToKeep, k) {
 				delete(parRequestBody, k)
 			}
 		}