fix: authorize endpoint setting user session

2022-08-29 08:18:20 +05:30
parent 5f385b2016
commit 97f6c7d50a
6 changed files with 7 additions and 6 deletions
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@@ -76,7 +76,6 @@ func TokenHandler() gin.HandlerFunc {
 		sessionKey := ""

 		if isAuthorizationCodeGrant {
-
 			if codeVerifier == "" {
 				log.Debug("Code verifier is empty")
 				gc.JSON(http.StatusBadRequest, gin.H{
@@ -134,15 +133,18 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
+
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope
 			loginMethod = claims.LoginMethod
+
 			// rollover the session for security
 			sessionKey = userID
 			if loginMethod != "" {
 				sessionKey = loginMethod + ":" + userID
 			}
+
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
 		} else {
 			// validate refresh token