From e048ec289215a823cba397df49aa83f1f4f8528c Mon Sep 17 00:00:00 2001
From: vdbulcke
Date: Sat, 21 Dec 2024 14:36:33 +0100
Subject: [PATCH] fix: client_id private_key_jwt
---
 src/client/introspect.go | 1 +
 src/client/par.go | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/client/introspect.go b/src/client/introspect.go
index dee3a55..440ad82 100644
--- a/src/client/introspect.go
+++ b/src/client/introspect.go
@@ -145,6 +145,7 @@ func (c *OIDCClient) generateIntrospectRequest(token string) (*http.Request, err
 c.logger.Debug("introspect setting client_assertion", "jwt", signedJwt)
 introspectParamValues.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 introspectParamValues.Set("client_assertion", signedJwt)
+ introspectParamValues.Set("client_id", c.config.ClientID)
 }
diff --git a/src/client/par.go b/src/client/par.go
index 585f657..e1ade4b 100644
--- a/src/client/par.go
+++ b/src/client/par.go
@@ -6,6 +6,7 @@ import (
 "io"
 "net/http"
 "net/url"
+ "slices"
 "strings"
 )
@@ -173,7 +174,8 @@ func (c *OIDCClient) generatePARRequest(codeChallenge string, nonce string, stat
 // syntax containing the "openid" scope value to indicate to the
 // underlying OAuth 2.0 logic that this is an OpenID Connect request.
- paramToKeep = append(paramToKeep, "client_id", "response_type")
+ paramToKeep = append(paramToKeep, "response_type")
+ paramToKeep = append(paramToKeep, "client_id")
 if strings.Contains(scopes, "openid") {
 paramToKeep = append(paramToKeep, "scope", "redirect_uri")
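Review bot: The added `client_id` in src/client/introspect.go is sent next to `client_assertion`, and RFC 7521 §4.2 requires that when both are present they identify the same client, but nothing visible in this hunk ties `c.config.ClientID` to the subject the assertion was signed with. The assertion is built outside the hunk, so this may already hold; if it does, a comment on the new line would record it, e.g. `// client_id is optional alongside client_assertion (RFC 7521 §4.2) and must match the assertion's sub`. Separately, the context line above logs the full signed assertion at debug level; it stays a usable credential until it expires, so that output should be handled as sensitive. generateIntrospectRequest starts and ends outside the hunk.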
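Review bot: In src/client/par.go (hunk at -173) the two `append` calls build the same `paramToKeep` set as the single call they replace, only in a different order, and the later membership test does not depend on order, so this hunk on its own changes nothing for `private_key_jwt`. If `client_id` was meant to be kept outside the request object only for certain client authentication methods, that condition is missing; otherwise the one-line form `paramToKeep = append(paramToKeep, "response_type", "client_id")` is easier to read. A short comment saying why `client_id` stays in the form body next to `request` would help, since this list appears to decide which parameters travel outside the signed JWT. generatePARRequest continues outside the hunk.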
@@ -189,11 +191,11 @@ func (c *OIDCClient) generatePARRequest(codeChallenge string, nonce string, stat
 c.logger.Debug("generated request jwt", "request", signedJwt)
 parRequestBody["request"] = signedJwt
- //nolint
- for k := range parRequestBody {
+ for k, _ := range parRequestBody {
 // not an allowed parameter
 // delete from request
- if !stringInSlice(k, paramToKeep) {
+ // if !stringInSlice(k, paramToKeep) {
+ if !slices.Contains(paramToKeep, k) {
 delete(parRequestBody, k)
 }
 }
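Review bot: `for k, _ := range parRequestBody {` carries a redundant blank identifier, and with the `//nolint` line removed a linter running gosimple (S1005) will presumably flag it; `for k := range parRequestBody {` is the idiomatic form. The commented-out `// if !stringInSlice(k, paramToKeep) {` should be deleted rather than kept next to its replacement, since version control already holds the old line. `slices` is in the standard library only from Go 1.21, so the module's `go` directive (not visible here) needs to be at least that. The allow-list filter itself is unchanged in behaviour, assuming `stringInSlice` was a plain membership test.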