reinitOidcClient re-resolves OIDC config and creates or clears the client. Call after settings update.
(ctx context.Context)
| 419 | |
| 420 | // reinitOidcClient re-resolves OIDC config and creates or clears the client. Call after settings update. |
| 421 | func (h *OidcHandler) reinitOidcClient(ctx context.Context) { |
| 422 | if h.settings == nil { |
| 423 | return |
| 424 | } |
| 425 | oidcResolved, err := config.ResolveOidcConfig(ctx, h.cfg, h.settings.GetFirst) |
| 426 | if err != nil { |
| 427 | if h.log != nil { |
| 428 | h.log.Warn("OIDC reinit resolve failed", "error", err) |
| 429 | } |
| 430 | h.clientMu.Lock() |
| 431 | h.client = nil |
| 432 | h.resolved = nil |
| 433 | h.clientMu.Unlock() |
| 434 | return |
| 435 | } |
| 436 | clientSecret := oidcResolved.ClientSecret |
| 437 | if !oidcResolved.ConfiguredViaEnv && clientSecret != "" && h.enc != nil { |
| 438 | if dec, err := h.enc.Decrypt(clientSecret); err == nil { |
| 439 | clientSecret = dec |
| 440 | } |
| 441 | } |
| 442 | valid := oidcResolved.Enabled && oidcResolved.IssuerURL != "" && oidcResolved.ClientID != "" && clientSecret != "" && oidcResolved.RedirectURI != "" |
| 443 | var newClient *oidc.Client |
| 444 | var resolvedPtr *config.ResolvedOidcConfig |
| 445 | if valid { |
| 446 | resolvedPtr = &oidcResolved |
| 447 | c, _ := oidc.NewClient(ctx, oidc.Config{ |
| 448 | IssuerURL: oidcResolved.IssuerURL, |
| 449 | ClientID: oidcResolved.ClientID, |
| 450 | ClientSecret: clientSecret, |
| 451 | RedirectURI: oidcResolved.RedirectURI, |
| 452 | Scopes: oidcResolved.Scopes, |
| 453 | }) |
| 454 | newClient = c |
| 455 | } |
| 456 | h.clientMu.Lock() |
| 457 | h.client = newClient |
| 458 | h.resolved = resolvedPtr |
| 459 | h.configuredValid = valid |
| 460 | h.clientMu.Unlock() |
| 461 | } |
| 462 | |
| 463 | func oidcSettingsResponse(s *models.Settings, secretSet *bool, configuredViaEnv bool, envPreview map[string]string, callbackURL ...string) map[string]interface{} { |
| 464 | res := map[string]interface{}{ |
no test coverage detected