refactor: Flatten AuthOnly error handling structure

Move the SkipProviderButton check outside of the nested err != nil block using an if-else structure. This makes the special case more visible and reduces nesting depth without changing behavior. Signed-off-by: Stefan Markmann <stefan@markmann.net>
2026-01-17 13:58:00 +01:00 · 2026-01-17 13:58:00 +01:00 · e9f0629994
parent 4024efb1f9
commit e9f0629994
1 changed files with 9 additions and 10 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -987,16 +987,15 @@ func (p *OAuthProxy) enrichSessionState(ctx context.Context, s *sessionsapi.Sess
 // and optional authorization).
 func (p *OAuthProxy) AuthOnly(rw http.ResponseWriter, req *http.Request) {
 	session, err := p.getAuthenticatedSession(rw, req)
-	if err != nil {
-		// If SkipProviderButton is enabled and user needs login, redirect directly
-		// to OAuth provider instead of returning 401. This allows nginx auth_request
-		// to pass through the 302 redirect to the browser, bypassing error_page
-		// handling which can break redirect flows.
-		// See: https://github.com/oauth2-proxy/oauth2-proxy/issues/334
-		if p.SkipProviderButton && err == ErrNeedsLogin {
-			p.doOAuthStart(rw, req, nil)
-			return
-		}
+	// If SkipProviderButton is enabled and user needs login, redirect directly
+	// to OAuth provider instead of returning 401. This allows nginx auth_request
+	// to pass through the 302 redirect to the browser, bypassing error_page
+	// handling which can break redirect flows.
+	// See: https://github.com/oauth2-proxy/oauth2-proxy/issues/334
+	if p.SkipProviderButton && err == ErrNeedsLogin {
+		p.doOAuthStart(rw, req, nil)
+		return
+	} else if err != nil {
 		http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 		return
 	}