Deterministic OIDC provider display order

Go map iteration order is (intentionally) random
Evan Goode 2025-03-29 19:12:41 -04:00
parent cec6d6828c
commit 9901aa8776
3 changed files with 13 additions and 4 deletions


@ -332,7 +332,8 @@ func FrontRoot(app *App) func(c echo.Context) error {
Secure: true,
})
for name, provider := range app.OIDCProvidersByName {
for _, name := range app.OIDCProviderNames {
provider := app.OIDCProvidersByName[name]
authURL, err := makeOIDCAuthURL(&c, provider, stateBase64)
if err != nil {
return err
@ -438,7 +439,8 @@ func FrontRegistration(app *App) func(c echo.Context) error {
Secure: true,
})
for name, provider := range app.OIDCProvidersByName {
for _, name := range app.OIDCProviderNames {
provider := app.OIDCProvidersByName[name]
authURL, err := makeOIDCAuthURL(&c, provider, stateBase64)
if err != nil {
return err
@ -624,7 +626,7 @@ func (app *App) oidcLink(c echo.Context, oidcProvider *OIDCProvider, tokens *oid
return c.Redirect(http.StatusSeeOther, returnURL)
}
func (app *App) oidcSignIn(c echo.Context, oidcProvider *OIDCProvider, tokens *oidc.Tokens[*oidc.IDTokenClaims], state oidcState) error {
func (app *App) oidcSignIn(c echo.Context, _ *OIDCProvider, tokens *oidc.Tokens[*oidc.IDTokenClaims], state oidcState) error {
failureURL := state.ReturnURL
completeRegistrationURL, err := url.JoinPath(app.FrontEndURL, "web/complete-registration")
if err != nil {
@ -994,7 +996,8 @@ func FrontUser(app *App) func(c echo.Context) error {
}
}
for name, provider := range app.OIDCProvidersByName {
for _, name := range app.OIDCProviderNames {
provider := app.OIDCProvidersByName[name]
if !linkedOIDCProviderNames.Contains(name) {
authURL, err := makeOIDCAuthURL(&c, provider, stateBase64)
if err != nil {
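Review bot: Each rewritten loop (L16-17, L25-26, L42-43) indexes OIDCProvidersByName with a name taken from the parallel OIDCProviderNames slice and does no missing-key check, so if the two collections ever diverge a nil `*OIDCProvider` goes straight into makeOIDCAuthURL, which presumably dereferences it. Both are filled in the same setup loop today, so this is only an unstated invariant, but it is cheap to make explicit with `provider, ok := app.OIDCProvidersByName[name]` followed by `if !ok { continue }`, or better, keep an ordered `[]*OIDCProvider` on App so the handlers need no lookup at all. The same three-line pattern is now repeated in FrontRoot, FrontRegistration and FrontUser, which is a further argument for one ordered slice. The oidcSignIn signature change at L34 blanks an unused parameter instead of removing it from callers and is unrelated to the ordering fix. All four enclosing functions start and end outside these hunks.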


@ -67,6 +67,7 @@ type App struct {
AEAD cipher.AEAD
SkinMutex *sync.Mutex
VerificationSkinTemplate *image.NRGBA
OIDCProviderNames []string
OIDCProvidersByName map[string]*OIDCProvider
OIDCProvidersByIssuer map[string]*OIDCProvider
}
@ -500,6 +501,7 @@ func setup(config *Config) *App {
}
// OIDC providers
oidcProviderNames := make([]string, 0, len(config.RegistrationOIDC))
oidcProvidersByName := map[string]*OIDCProvider{}
oidcProvidersByIssuer := map[string]*OIDCProvider{}
scopes := []string{"openid", "email"}
@ -528,6 +530,7 @@ func setup(config *Config) *App {
Config: oidcConfig,
}
oidcProviderNames = append(oidcProviderNames, oidcConfig.Name)
oidcProvidersByName[oidcConfig.Name] = &oidcProvider
oidcProvidersByIssuer[oidcConfig.Issuer] = &oidcProvider
}
@ -555,6 +558,7 @@ func setup(config *Config) *App {
AuthlibInjectorURL: Unwrap(url.JoinPath(config.BaseURL, "authlib-injector")),
APIURL: Unwrap(url.JoinPath(config.BaseURL, DRASL_API_PREFIX)),
VerificationSkinTemplate: verificationSkinTemplate,
OIDCProviderNames: oidcProviderNames,
OIDCProvidersByName: oidcProvidersByName,
OIDCProvidersByIssuer: oidcProvidersByIssuer,
}
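Review bot: OIDCProviderNames is appended unconditionally at L68 while the two maps are keyed by Name and Issuer, so two RegistrationOIDC entries that share a Name would now be listed twice (both resolving to whichever was registered last), and a shared Issuer still silently shadows the earlier provider's config in OIDCProvidersByIssuer. Unless config validation already rejects duplicates, which is not visible here, a guard at the insertion point would make this loud, e.g. `if _, dup := oidcProvidersByName[oidcConfig.Name]; dup { log.Fatalf("duplicate OIDC provider name %q", oidcConfig.Name) }` (using whatever setup uses for fatal config errors), and the same for Issuer. The new struct field should also carry a comment stating the contract the handlers rely on, such as `// OIDCProviderNames holds the keys of OIDCProvidersByName in config order, so providers render in a stable order.` setup begins and ends outside these hunks.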


@ -1,6 +1,7 @@
package main
import (
"cmp"
"crypto"
"crypto/rand"
"crypto/rsa"
@ -11,6 +12,7 @@ import (
"io"
"log"
"os"
"slices"
"strings"
"sync"
)
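Review bot: `cmp` and `slices` are added to this import block at L86 and L94, but no hunk in the commit uses either package, and the diffstat's 13 additions are fully accounted for by the visible lines; an unused import is a compile error in Go (`imported and not used`), so either these are leftovers or the code that uses them is not part of this commit. If the intent was to sort providers rather than preserve config order, that sort is missing from setup; otherwise drop the two lines (or let goimports prune them).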