Merge pull request #7451 from reasonerjt/oidc-logout

Skip verifying OIDC token for local user
2024-11-20 09:15:19 +01:00 · 2019-04-19 14:55:26 +08:00 · 2019-04-19 14:55:26 +08:00 · 6b45b5ef7c
commit 6b45b5ef7c
parent 3738b0a984 5292aea89e
1 changed files with 6 additions and 3 deletions
--- a/src/core/filter/security.go
+++ b/src/core/filter/security.go
@ -467,9 +467,12 @@ func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
 			log.Errorf("Failed to get OIDC user info, error: %v", err)
 			return false
 		}
-		if err := oidc.VerifyAndPersistToken(ctx.Request.Context(), ou); err != nil {
-			log.Errorf("Failed to verify secret, error: %v", err)
-			return false
+		if ou != nil { // If user does not have OIDC metadata, it means he is not onboarded via OIDC authn,
+			// so we can skip checking the token.
+			if err := oidc.VerifyAndPersistToken(ctx.Request.Context(), ou); err != nil {
+				log.Errorf("Failed to verify secret, error: %v", err)
+				return false
+			}
 		}
 	}
 	log.Debug("using local database project manager")