pomdtr.me
+21
-4
cmd/up.go
+21
-4
cmd/up.go
···
854
854
}, nil
855
855
}
856
856
857
-
idTokenCookie, err := r.Cookie("id_token")
858
-
if err != nil {
859
-
return Claims{}, fmt.Errorf("id token not found")
857
+
var rawIdToken string
858
+
if auth := r.Header.Get("Authorization"); auth != "" {
859
+
parts := strings.Split(strings.TrimSpace(auth), " ")
860
+
if len(parts) != 2 {
861
+
return Claims{}, fmt.Errorf("invalid authorization header")
862
+
}
863
+
864
+
if parts[0] != "Bearer" {
865
+
return Claims{}, fmt.Errorf("invalid authorization header")
866
+
}
867
+
868
+
rawIdToken = parts[1]
869
+
870
+
} else {
871
+
idTokenCookie, err := r.Cookie("id_token")
872
+
if err != nil {
873
+
return Claims{}, fmt.Errorf("id token not found")
874
+
}
875
+
876
+
rawIdToken = idTokenCookie.Value
860
877
}
861
878
862
879
verifier := provider.Verifier(&oidc.Config{ClientID: fmt.Sprintf("https://%s", r.Host)})
863
-
idToken, err := verifier.Verify(r.Context(), idTokenCookie.Value)
880
+
idToken, err := verifier.Verify(r.Context(), rawIdToken)
864
881
if err != nil {
865
882
return Claims{}, fmt.Errorf("failed to verify id token: %v", err)
866
883
}