From 3f5120bfccf053802b399d7d802b5b217ec83fd3 Mon Sep 17 00:00:00 2001
From: mdtro <20070360+mdtro@users.noreply.github.com>
Date: Wed, 30 Apr 2025 15:09:35 -0500
Subject: [PATCH] ref: change order openid token generation
---
 src/sentry/web/frontend/oauth_token.py | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/sentry/web/frontend/oauth_token.py b/src/sentry/web/frontend/oauth_token.py
index 8f61ed10ae9d88..8198828c03cc3b 100644
--- a/src/sentry/web/frontend/oauth_token.py
+++ b/src/sentry/web/frontend/oauth_token.py
@@ -145,20 +145,26 @@ def get_access_tokens(self, request: Request, application: ApiApplication) -> di
 return {"error": "invalid_grant", "reason": "invalid redirect URI"}
 
 try:
- token_data = {"token": ApiToken.from_grant(grant=grant)}
+ id_token = None
+ if grant.has_scope("openid") and options.get("codecov.signing_secret"):
+ open_id_token = OpenIDToken(
+ request.POST.get("client_id"),
+ grant.user_id,
+ options.get("codecov.signing_secret"),
+ nonce=request.POST.get("nonce"),
+ )
+ id_token = open_id_token.get_signed_id_token(grant=grant)
+
+ token = ApiToken.from_grant(grant=grant)
+ token_data = {"token": token}
+
+ if id_token:
+ token_data["id_token"] = id_token
+
 except UnableToAcquireLock:
 # TODO(mdtro): we should return a 409 status code here
 return {"error": "invalid_grant", "reason": "invalid grant"}
 
- if grant.has_scope("openid") and options.get("codecov.signing_secret"):
- open_id_token = OpenIDToken(
- request.POST.get("client_id"),
- grant.user_id,
- options.get("codecov.signing_secret"),
- nonce=request.POST.get("nonce"),
- )
- token_data["id_token"] = open_id_token.get_signed_id_token(grant=grant)
-
 return token_data
 
 def get_refresh_token(self, request: Request, application: ApiApplication) -> dict:
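Review bot: The relocated `OpenIDToken(...)` call still takes both the client identifier and the `nonce` from the token request body (`request.POST.get("client_id")`, `request.POST.get("nonce")`), so two inputs to the signed ID token are whatever the caller of this endpoint submits. The `application` argument is already in scope; passing `application.client_id,` as the first argument would tie the token to the client resolved for this request rather than to a POST field, assuming client authentication has happened before this point (the start of `get_access_tokens` is outside the hunk). For the nonce, OpenID Connect expects the value sent with the authorization request to be the one carried into the ID token; if the grant does not store it, a comment such as `# NOTE: nonce comes from the token request and is not bound to the grant` would at least record the gap for a follow-up. Reading the option once, `signing_secret = options.get("codecov.signing_secret")`, would also keep the presence check and the signing key from coming from two separate lookups.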