From 59447ca0398ec596bc97694c80f13346d9606e87 Mon Sep 17 00:00:00 2001 From: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> Date: Mon, 4 Dec 2023 12:41:19 -0800 Subject: [PATCH 1/2] authenticate: remove extra UpdateUserInfo() call The buildIdentityProfile() method is called only from Authenticate.getOAuthCallback(), which has previously called Authenticator.Authenticate(). It looks like all implementations of the Authenticator interface already call UpdateUserInfo(), so we shouldn't need to call UpdateUserInfo() a second time from buildIdentityProfile(). This should simplify the code a little and provide a slight performance improvement (by avoiding one network request). --- authenticate/identity_profile.go | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/authenticate/identity_profile.go b/authenticate/identity_profile.go index fe467d7042f..b51b3787dd0 100644 --- a/authenticate/identity_profile.go +++ b/authenticate/identity_profile.go @@ -29,19 +29,8 @@ func (a *Authenticate) buildIdentityProfile( claims identity.SessionClaims, oauthToken *oauth2.Token, ) (*identitypb.Profile, error) { - options := a.options.Load() idpID := r.FormValue(urlutil.QueryIdentityProviderID) - authenticator, err := a.cfg.getIdentityProvider(options, idpID) - if err != nil { - return nil, fmt.Errorf("authenticate: error getting identity provider authenticator: %w", err) - } - - err = authenticator.UpdateUserInfo(ctx, oauthToken, &claims) - if err != nil { - return nil, fmt.Errorf("authenticate: error retrieving user info: %w", err) - } - rawIDToken := []byte(claims.RawIDToken) rawOAuthToken, err := json.Marshal(oauthToken) if err != nil { From 72e69b1fe79a9b0fed8d06dec3c2a29b0eaea213 Mon Sep 17 00:00:00 2001 From: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> Date: Mon, 4 Dec 2023 13:48:31 -0800 Subject: [PATCH 2/2] remove unused method parameters --- authenticate/handlers.go | 2 +- authenticate/identity_profile.go | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/authenticate/handlers.go b/authenticate/handlers.go index c854f042f77..333e051198a 100644 --- a/authenticate/handlers.go +++ b/authenticate/handlers.go @@ -451,7 +451,7 @@ Or contact your administrator. } // save the session and access token to the databroker - profile, err := a.buildIdentityProfile(ctx, r, &newState, claims, accessToken) + profile, err := a.buildIdentityProfile(r, claims, accessToken) if err != nil { return nil, httputil.NewError(http.StatusInternalServerError, err) } diff --git a/authenticate/identity_profile.go b/authenticate/identity_profile.go index b51b3787dd0..29fed27b331 100644 --- a/authenticate/identity_profile.go +++ b/authenticate/identity_profile.go @@ -14,7 +14,6 @@ import ( "github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/identity" - "github.com/pomerium/pomerium/internal/sessions" "github.com/pomerium/pomerium/internal/urlutil" "github.com/pomerium/pomerium/pkg/cryptutil" identitypb "github.com/pomerium/pomerium/pkg/grpc/identity" @@ -23,9 +22,7 @@ import ( var cookieChunker = httputil.NewCookieChunker() func (a *Authenticate) buildIdentityProfile( - ctx context.Context, r *http.Request, - _ *sessions.State, claims identity.SessionClaims, oauthToken *oauth2.Token, ) (*identitypb.Profile, error) {