fix #4234: openid: adjust openid verification function for userinfo option

Signed-off-by: Thomas Skinner <thomas@atskinner.net> [ML: rebased on master, added code to common and pve-rs forwarding] Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
2025-08-13 11:12:10 +00:00 · 2025-04-04 16:07:17 +02:00 · 2025-04-04 16:07:17 +02:00 · be287cfcf6
commit be287cfcf6
parent b1f554dd11
2 changed files with 8 additions and 2 deletions
--- a/common/src/oidc/mod.rs
+++ b/common/src/oidc/mod.rs
@ -54,9 +54,14 @@ pub mod export {
        #[try_from_ref] this: &OIDC,
        code: &str,
        private_auth_state: PrivateAuthState,
+        query_userinfo: Option<bool>,
    ) -> Result<Value, Error> {
        let oidc = this.inner.lock().unwrap();
-        let claims = oidc.verify_authorization_code_simple(code, &private_auth_state)?;
+        let claims = oidc.verify_authorization_code_simple_userinfo(
+            code,
+            &private_auth_state,
+            query_userinfo.unwrap_or(true),
+        )?;

        Ok(to_value(&claims)?)
    }
--- a/pve-rs/src/openid/mod.rs
+++ b/pve-rs/src/openid/mod.rs
@ -41,7 +41,8 @@ mod export {
        #[try_from_ref] this: &OpenId,
        code: &str,
        private_auth_state: PrivateAuthState,
+        query_userinfo: Option<bool>,
    ) -> Result<Value, Error> {
-        common::verify_authorization_code(this, code, private_auth_state)
+        common::verify_authorization_code(this, code, private_auth_state, query_userinfo)
    }
 }