fix: userinfo oauth endpoint should be called if decodeJWT function w…

…as failed
Leantime · Oct 14, 2024 · 2e44a7d · 2e44a7d
1 parent 853b832
commit 2e44a7d
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/app/Domain/Oidc/Services/Oidc.php b/app/Domain/Oidc/Services/Oidc.php
@@ -153,10 +153,14 @@ public function callback(string $code, string $state): Response
  //echo '<pre>' . print_r($tokens, true) . '</pre>';
  if (isset($tokens['id_token'])) {
  $userInfo = $this->decodeJWT($tokens['id_token']);
- } elseif (isset($tokens['access_token'])) {
+ }
+
+ if ($userInfo == null && isset($tokens['access_token'])) {
  //falback to OAuth userinfo endpoint
  $userInfo = $this->pollUserInfo($tokens['access_token']);
- } else {
+ }
+
+ if ((!isset($tokens['access_token'])) && (!isset($tokens['access_token']))) {
  $this->displayError('oidc.error.unsupportedToken');
  }