feat: add support for ECDSA and EdDSA keys (#359)

Co-authored-by: Elias Schneider <login@eliasschneider.com>
2026-03-22 20:15:07 +00:00 · 2025-03-27 10:20:39 -07:00
parent 5c198c280c
commit 96876a99c5
21 changed files with 1080 additions and 207 deletions
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -195,22 +195,28 @@ func (oc *OidcController) createTokensHandler(c *gin.Context) {
 // @Security OAuth2AccessToken
 // @Router /api/oidc/userinfo [get]
 func (oc *OidcController) userInfoHandler(c *gin.Context) {
-	authHeaderSplit := strings.Split(c.GetHeader("Authorization"), " ")
-	if len(authHeaderSplit) != 2 {
+	_, authToken, ok := strings.Cut(c.GetHeader("Authorization"), " ")
+	if !ok || authToken == "" {
 		_ = c.Error(&common.MissingAccessToken{})
 		return
 	}

-	token := authHeaderSplit[1]
-
-	jwtClaims, err := oc.jwtService.VerifyOauthAccessToken(token)
+	token, err := oc.jwtService.VerifyOauthAccessToken(authToken)
 	if err != nil {
 		_ = c.Error(err)
 		return
 	}
-	userID := jwtClaims.Subject
-	clientId := jwtClaims.Audience[0]
-	claims, err := oc.oidcService.GetUserClaimsForClient(userID, clientId)
+	userID, ok := token.Subject()
+	if !ok {
+		_ = c.Error(&common.TokenInvalidError{})
+		return
+	}
+	clientID, ok := token.Audience()
+	if !ok || len(clientID) != 1 {
+		_ = c.Error(&common.TokenInvalidError{})
+		return
+	}
+	claims, err := oc.oidcService.GetUserClaimsForClient(userID, clientID[0])
 	if err != nil {
 		_ = c.Error(err)
 		return