fix+feat: use verify oauth client helper in token as well

2025-06-09 15:55:36 +02:00
parent 299e7eddc4
commit dc41521a99
4 changed files with 48 additions and 29 deletions
--- a/internal/oauth/token.go
+++ b/internal/oauth/token.go
@ -152,12 +152,24 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 	}

 	grantType := r.FormValue("grant_type")
-	redirectUri := r.FormValue("redirect_uri")

-	log.Printf("Redirect URI is %s\n", redirectUri)
+	log.Println("DEBUG: Verifying target oauth client before proceeding...")
+
+	if _, err := h.verifyOAuthClient(r.Context(), &VerifyOAuthClientParams{
+		ClientID:    clientId,
+		RedirectURI: nil,
+		State:       "",
+		Scopes:      nil,
+	}); err != nil {
+		web.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}

 	switch grantType {
 	case "authorization_code":
+		redirectUri := r.FormValue("redirect_uri")
+		log.Printf("Redirect URI is %s\n", redirectUri)
+
 		code := r.FormValue("code")

 		fmt.Printf("Code received: %s\n", code)