From 24f6041a760ededb7031575e74303e089fc16c80 Mon Sep 17 00:00:00 2001
From: Timo Volkmann <git@timovolkmann.de>
Date: Mon, 20 Sep 2021 19:14:57 +0200
Subject: [PATCH] Auth: Make OIDC initialization more resilient #782

---
 internal/api/auth.go     | 13 ++++++++++++-
 internal/service/oidc.go |  8 +++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/internal/api/auth.go b/internal/api/auth.go
index 08b5eeb72..fdf5942e0 100644
--- a/internal/api/auth.go
+++ b/internal/api/auth.go
@@ -18,15 +18,26 @@ func AuthEndpoints(router *gin.RouterGroup) {
 		log.Debugf("no oidc provider configured. skip mounting endpoints")
 		return
 	}
-	openIdConnect := service.Oidc()
 
 	router.GET("/auth/external", func(c *gin.Context) {
+		openIdConnect := service.Oidc()
+		if openIdConnect == nil {
+			AbortFeatureDisabled(c)
+			return
+		}
+
 		handle := openIdConnect.AuthUrlHandler()
 		handle(c.Writer, c.Request)
 		return
 	})
 
 	router.GET(oidc.RedirectPath, func(c *gin.Context) {
+		openIdConnect := service.Oidc()
+		if openIdConnect == nil {
+			AbortFeatureDisabled(c)
+			return
+		}
+
 		userInfo, err := openIdConnect.CodeExchangeUserInfo(c)
 		if err != nil {
 			log.Errorf("%s", err)
diff --git a/internal/service/oidc.go b/internal/service/oidc.go
index e09a0e06f..d50d4f69d 100644
--- a/internal/service/oidc.go
+++ b/internal/service/oidc.go
@@ -1,13 +1,9 @@
 package service
 
 import (
-	"sync"
-
 	"github.com/photoprism/photoprism/internal/oidc"
 )
 
-var onceOidc sync.Once
-
 func initOidc() {
 	services.Oidc = oidc.NewClient(
 		Config().OidcIssuerUrl(),
@@ -19,6 +15,8 @@ func initOidc() {
 }
 
 func Oidc() *oidc.Client {
-	onceOidc.Do(initOidc)
+	if services.Oidc == nil {
+		initOidc()
+	}
 	return services.Oidc
 }