[pve-devel] [PATCH openid 1/1] fix #4234: openid: make userinfo request optional

Thomas Skinner thomas at atskinner.net
Sat Aug 31 00:34:30 CEST 2024


Signed-off-by: Thomas Skinner <thomas at atskinner.net>
---
 proxmox-openid/src/lib.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/proxmox-openid/src/lib.rs b/proxmox-openid/src/lib.rs
index fe65fded..7cef06e0 100644
--- a/proxmox-openid/src/lib.rs
+++ b/proxmox-openid/src/lib.rs
@@ -195,7 +195,7 @@ impl OpenIdAuthenticator {
         &self,
         code: &str,
         private_auth_state: &PrivateAuthState,
-    ) -> Result<(CoreIdTokenClaims, GenericUserInfoClaims), Error> {
+    ) -> Result<(CoreIdTokenClaims, Option<GenericUserInfoClaims>), Error> {
         let code = AuthorizationCode::new(code.to_string());
         // Exchange the code with a token.
         let token_response = self
@@ -213,11 +213,14 @@ impl OpenIdAuthenticator {
             .claims(&id_token_verifier, &private_auth_state.nonce)
             .map_err(|err| format_err!("Failed to verify ID token: {}", err))?;
 
-        let userinfo_claims: GenericUserInfoClaims = self
+        let userinfo_claims: Option<GenericUserInfoClaims> = match self
             .client
             .user_info(token_response.access_token().to_owned(), None)?
             .request(http_client)
-            .map_err(|err| format_err!("Failed to contact userinfo endpoint: {}", err))?;
+        {
+            Ok(claims) => Some(claims),
+            Err(..) => None,
+        };
 
         Ok((id_token_claims.clone(), userinfo_claims))
     }
-- 
2.39.2




More information about the pve-devel mailing list