From 9376f843c739f7531012266a89dfa5c2e2787930 Mon Sep 17 00:00:00 2001
From: Francis PEROT
Date: Fri, 7 Aug 2020 15:55:40 +0200
Subject: [PATCH] Fix concurrency issue in OIDC provider
---
 toolbox/oidc_verifier.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/toolbox/oidc_verifier.go b/toolbox/oidc_verifier.go
index cc02885..32a9ac2 100644
--- a/toolbox/oidc_verifier.go
+++ b/toolbox/oidc_verifier.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "net/url"
+ "sync"
 "time"
 "github.com/cloudtrust/keycloak-client"
@@ -26,6 +27,7 @@ type verifierCache struct {
 errorTolerance time.Duration
 tokenURL *url.URL
 verifiers map[string]cachedVerifier
+ verifiersMutex sync.RWMutex
 }
 type cachedVerifier struct {
@@ -42,11 +44,14 @@ func NewVerifierCache(tokenURL *url.URL, timeToLive time.Duration, errorToleranc
 errorTolerance: errorTolerance,
 tokenURL: tokenURL,
 verifiers: make(map[string]cachedVerifier),
+ verifiersMutex: sync.RWMutex{},
 }
 }
 func (vc *verifierCache) GetOidcVerifier(realm string) (OidcVerifier, error) {
+ vc.verifiersMutex.RLock()
 v, ok := vc.verifiers[realm]
+ vc.verifiersMutex.RUnlock()
 if ok && v.isValid() {
 return &v, nil
 }
@@ -67,7 +72,9 @@ func (vc *verifierCache) GetOidcVerifier(realm string) (OidcVerifier, error) {
 invalidateOnErrorAt: time.Now().Add(vc.errorTolerance),
 verifier: ov,
 }
+ vc.verifiersMutex.Lock()
 vc.verifiers[realm] = res
+ vc.verifiersMutex.Unlock()
 return &res, nil
 }
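Review bot: The new `verifiersMutex` field in `verifierCache` carries no comment saying what it protects, and it sits below the map rather than directly above it. I would add `// verifiersMutex guards verifiers.` on the field so that any later code touching `vc.verifiers` knows it has to take the lock. With a `sync.RWMutex` held by value, `verifierCache` must also no longer be copied; the methods shown use pointer receivers, but the constructor's return statement is outside the hunk, so that is worth confirming (`go vet`'s copylocks check reports it).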
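Review bot: In `GetOidcVerifier` the read lock is released right after the lookup, and the write lock in the last hunk (`-67,7 +72,9`) is held only around the map store, so the lookup and the store are not one atomic step. The data race on the map is gone, but every goroutine that misses for the same realm at the same moment, for example when a cached entry expires, will presumably each build a new verifier against the token URL and then overwrite one another; the code between the two hunks is not visible here. If that burst of requests toward the identity provider matters, re-check `vc.verifiers[realm]` after taking the write lock, or serialise creation per realm. Separately, `verifiersMutex: sync.RWMutex{},` in `NewVerifierCache` is redundant, since the zero value of `sync.RWMutex` is ready to use.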