feat: add OpenID Connect prompt Parameter Handling (#1299)

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Elias Schneider <login@eliasschneider.com>
2026-05-17 10:29:52 +00:00 · 2026-04-19 18:03:08 +02:00
parent 4f09de2cfc
commit 59fe481af9
12 changed files with 447 additions and 28 deletions
--- a/backend/internal/controller/oidc_controller.go
+++ b/backend/internal/controller/oidc_controller.go
@@ -104,6 +104,14 @@ func (oc *OidcController) authorizeHandler(c *gin.Context) {
 		c.Request.UserAgent(),
 	)
 	if err != nil {
+		// Check if this is a prompt-related error that should be returned as a redirect error
+		if isOidcPromptError(err) {
+			c.JSON(http.StatusOK, gin.H{
+				"error":            err.Error(),
+				"requiresRedirect": true,
+			})
+			return
+		}
 		_ = c.Error(err)
 		return
 	}
@@ -117,6 +125,19 @@ func (oc *OidcController) authorizeHandler(c *gin.Context) {
 	c.JSON(http.StatusOK, response)
 }

+// isOidcPromptError checks if an error is a prompt-related OIDC error that should trigger a redirect
+func isOidcPromptError(err error) bool {
+	var loginReq *common.OidcLoginRequiredError
+	var consentReq *common.OidcConsentRequiredError
+	var interactionReq *common.OidcInteractionRequiredError
+	var accountSelectionReq *common.OidcAccountSelectionRequiredError
+
+	return errors.As(err, &loginReq) ||
+		errors.As(err, &consentReq) ||
+		errors.As(err, &interactionReq) ||
+		errors.As(err, &accountSelectionReq)
+}
+
 // authorizationConfirmationRequiredHandler godoc
 // @Summary Check if authorization confirmation is required
 // @Description Check if the user needs to confirm authorization for the client