The open source product I am using is Chirpstack Application Server. I am attempting to get OIDC to work with an Azure provider.
This is the unmarshalling method in oidc.go
The implementation of OIDC login
// OpenIDConnectLogin performs an OpenID Connect login.
//
// It exchanges the code and state carried by req for the provider's user
// record via oidc.GetUser, refuses the login unless the provider reports the
// email address as verified, and then resolves the local storage.User in
// this order: by external ID, then by email (linking the external ID to that
// account), and finally — only when registrationEnabled is set — by creating
// and provisioning a new user. Every error is converted for the RPC caller
// with helpers.ErrToRPCError.
//
// NOTE(review): only the lookup/linking part of the method body is shown in
// this excerpt; the rest of the body, including the final return, is not
// visible here.
func (a *InternalAPI) OpenIDConnectLogin(ctx context.Context, req *pb.OpenIDConnectLoginRequest) (*pb.OpenIDConnectLoginResponse, error) {
	oidcUser, err := oidc.GetUser(ctx, req.Code, req.State)
	if err != nil {
		return nil, helpers.ErrToRPCError(err)
	}
	// The email address is used below as a fallback key to find (and link)
	// an existing account, so insist that the provider has verified it.
	if !oidcUser.EmailVerified {
		return nil, grpc.Errorf(codes.FailedPrecondition, "email address must be verified before you can login")
	}
	var user storage.User
	// try to get the user by external ID.
	user, err = storage.GetUserByExternalID(ctx, storage.DB(), oidcUser.ExternalID)
	if err != nil {
		// ErrDoesNotExist is compared by identity, so this relies on the
		// storage layer returning the sentinel unwrapped (as GetUser does).
		if err == storage.ErrDoesNotExist {
			// try to get the user by email and set the external id.
			user, err = storage.GetUserByEmail(ctx, storage.DB(), oidcUser.Email)
			if err != nil {
				// we did not find the user by external_id or email and registration is enabled.
				if err == storage.ErrDoesNotExist && registrationEnabled {
					user, err = a.createAndProvisionUser(ctx, oidcUser)
					if err != nil {
						return nil, helpers.ErrToRPCError(err)
					}
					// fetch user again because the provisioning callback url may have updated the user.
					user, err = storage.GetUser(ctx, storage.DB(), user.ID)
					if err != nil {
						return nil, helpers.ErrToRPCError(err)
					}
				} else {
					// Not found with registration disabled, or any other
					// lookup error: refuse the login.
					return nil, helpers.ErrToRPCError(err)
				}
			}
			// Bind the account found by email (or just created) to the OIDC
			// subject so the next login resolves by external ID directly.
			// Presumably persisted further down in the method — not shown here.
			user.ExternalID = &oidcUser.ExternalID
		} else {
			// Any error other than "not found" from the external-ID lookup is fatal.
			return nil, helpers.ErrToRPCError(err)
		}
	}
The GetUser method that returns the error.
// GetUser loads the "user" row with the given id.
//
// It returns ErrDoesNotExist (unwrapped, so callers may compare it directly)
// when no row matches, and wraps any other database error with the context
// "select error". The ctx parameter is accepted for interface symmetry but is
// not passed to the query, since sqlx.Get takes no context.
func GetUser(ctx context.Context, db sqlx.Queryer, id int64) (User, error) {
	const q = `
select
*
from
"user"
where
id = $1
`
	var u User
	switch err := sqlx.Get(db, &u, q, id); {
	case err == nil:
		return u, nil
	case err == sql.ErrNoRows:
		// Map the driver's "no rows" to the package sentinel so callers
		// can distinguish "missing" from "broken".
		return u, ErrDoesNotExist
	default:
		return u, errors.Wrap(err, "select error")
	}
}