
fix(headless-login): simplify jwks policy checks

Lectom C Han
2026-04-01 19:24:26 +09:00
parent 51f09bf53c
commit c3ae316570
5 changed files with 409 additions and 146 deletions


@@ -1105,7 +1105,11 @@ func (h *DevHandler) UpdateClient(c *fiber.Ctx) error {
resolvedJWKSURI := valueOr(req.JwksUri, current.JWKSUri)
resolvedJWKS := req.Jwks
if req.Jwks == nil {
resolvedJWKS = current.JWKS
if resolvedClientType == "pkce" && readMetadataBoolValue(metadata, domain.MetadataHeadlessLoginEnabled) {
resolvedJWKS = nil
} else {
resolvedJWKS = current.JWKS
}
}
if err := validateHeadlessClientInput(resolvedClientType, resolvedJWKSURI, resolvedJWKS, metadata); err != nil {
return errorJSON(c, fiber.StatusBadRequest, err.Error())
@@ -1909,6 +1913,7 @@ func normalizeHeadlessClientConfig(
if metadata == nil {
metadata = map[string]interface{}{}
}
delete(metadata, domain.MetadataRequestObjectSigningAlg)
headlessEnabled := readMetadataBoolValue(metadata, domain.MetadataHeadlessLoginEnabled)
if clientType == "pkce" && headlessEnabled {