From c6ff3cfca05ff191e826a072d63b406c984c2f06 Mon Sep 17 00:00:00 2001
From: "Iradier, AlvaroJose"
Date: Fri, 23 Aug 2019 14:07:39 +0200
Subject: [PATCH] Handle error on OIDC callback

If wrong OIDC scopes are defined, or there are some configuration errors, the OIDC callback query string might contain "error=..." with an error message. Intercept this case and show an error to the user instead of trying to exchange the token with a missing "code" parameter.

Signed-off-by: Iradier, AlvaroJose

Change error variable name

Signed-off-by: Iradier, AlvaroJose
---
 src/core/controllers/oidc.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/core/controllers/oidc.go b/src/core/controllers/oidc.go
index 1479b8e5a..4b8d29447 100644
--- a/src/core/controllers/oidc.go
+++ b/src/core/controllers/oidc.go
@@ -82,6 +82,15 @@ func (oc *OIDCController) Callback() {
 oc.SendBadRequestError(errors.New("State mismatch"))
 return
 }
+
+ errorCode := oc.Ctx.Request.URL.Query().Get("error")
+ if errorCode != "" {
+ errorDescription := oc.Ctx.Request.URL.Query().Get("error_description")
+ log.Errorf("OIDC callback returned error: %s - %s", errorCode, errorDescription)
+ oc.SendBadRequestError(errors.Errorf("OIDC callback returned error: %s - %s", errorCode, errorDescription))
+ return
+ }
+
+ code := oc.Ctx.Request.URL.Query().Get("code")
 ctx := oc.Ctx.Request.Context()
 token, err := oidc.ExchangeToken(ctx, code)
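Review bot: In the added error branch of `Callback`, `error` and `error_description` are read straight from the callback query string and formatted with `%s` into both the log line and the response, so whoever supplies those parameters can place line breaks or arbitrarily long text in each. Quote them when logging, `log.Errorf("OIDC callback returned error: %q - %q", errorCode, errorDescription)`, and consider sending only the quoted code back to the browser, `oc.SendBadRequestError(errors.Errorf("OIDC callback returned error: %q", errorCode))`, since how `SendBadRequestError` renders its message is not visible in this hunk. RFC 6749 restricts both parameters to printable ASCII excluding `"` and `\`, so a value with other characters can be rejected as a malformed callback before it is logged or echoed. The branch sits after the state comparison, which is the right order; the rest of `Callback` starts and ends outside the hunk.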