File tree Expand file tree Collapse file tree 1 file changed +14
-0
lines changed Expand file tree Collapse file tree 1 file changed +14
-0
lines changed Original file line number Diff line number Diff line change @@ -1122,6 +1122,20 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
11221122 return
11231123 }
11241124
1125+ if idToken .Subject == "" {
1126+ logger .Error (ctx , "oauth2: missing 'sub' claim field in OIDC token" ,
1127+ slog .F ("source" , "id_token" ),
1128+ slog .F ("claim_fields" , claimFields (idtokenClaims )),
1129+ slog .F ("blank" , blankFields (idtokenClaims )),
1130+ )
1131+ httpapi .Write (ctx , rw , http .StatusBadRequest , codersdk.Response {
1132+ Message : "OIDC token missing 'sub' claim field or 'sub' claim field is empty." ,
1133+ Detail : "'sub' claim field is required to be unique for all users by a given issue, " +
1134+ "an empty field is invalid and this authentication attempt is rejected." ,
1135+ })
1136+ return
1137+ }
1138+
11251139 logger .Debug (ctx , "got oidc claims" ,
11261140 slog .F ("source" , "id_token" ),
11271141 slog .F ("claim_fields" , claimFields (idtokenClaims )),
You can’t perform that action at this time.
0 commit comments