Fix acl logic for token inspection endpoint

Johannes Zellner
2026-02-19 19:09:02 +01:00
parent 9d03eb2643
commit 466527884f


@@ -651,14 +651,14 @@ async function start() {
// first default check of the module to ensure this is a valid client with auth
if (client.clientAuthMethod === 'none' && token.clientId !== ctx.oidc.client.clientId) return false;
const internalClient = await oidcClients.get(token.clientId);
const internalClient = await oidcClients.get(ctx.oidc.client.clientId);
if (!internalClient) return false;
// check if we have an app, if so we have to check access
const internalApp = internalClient.appId ? await apps.get(internalClient.appId) : null;
if (internalApp) {
const user = await users.getByUsername(token.accountId);
return apps.canAccess(app, user);
return apps.canAccess(internalApp, user);
}
// unknown app
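Review bot: In the `if (internalApp)` branch the result of `users.getByUsername(token.accountId)` goes straight into `apps.canAccess(internalApp, user)`, so a token whose account has since been deleted or renamed reaches the access check with whatever that lookup returns for a missing user. Neither helper is visible here, so unless `canAccess` is known to reject a missing user, fail closed with `if (!user) return false;` before the return. With the client lookup now keyed on `ctx.oidc.client.clientId`, the only visible tie between the token and the caller is the `clientAuthMethod === 'none'` comparison, so an authenticated client appears able to inspect tokens issued to other clients; a comment such as `// ACL is evaluated against the calling client's app, not the client the token was issued to` would record that this is intended. The page lost its +/- markers, so this reads the second line of each printed pair as the new side, and the enclosing callback starts and ends outside the hunk.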