From c8df774869b4bd5e84f8c34d43ee451fcf26be35 Mon Sep 17 00:00:00 2001
From: brookjeynes <me@brookjeynes.dev>
Date: Thu, 30 Oct 2025 20:49:31 +1000
Subject: [PATCH] fix(oauth): authorised client error on fresh sessions
Change-Id: rozvknvsxsluztnkqwzwwkslpqulrnlu

During the callback phase of oauth, we check to see if a user account
exists in the pds and if not, create one. This requires an authorised
client. This fixes an issue where the client authorised client wasn't
grabbed successfully out of the session.

Signed-off-by: brookjeynes <me@brookjeynes.dev>
---
 internal/server/oauth/handler.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/server/oauth/handler.go b/internal/server/oauth/handler.go
index edf4cf0..633489f 100644
--- a/internal/server/oauth/handler.go
+++ b/internal/server/oauth/handler.go
@@ -107,13 +107,15 @@ func (o *OAuth) callback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	client, err := o.AuthorizedClient(r)
+	clientSession, err := o.ClientApp.ResumeSession(r.Context(), sessData.AccountDID, sessData.SessionID)
 	if err != nil {
 		l.Error("failed to get authorized client", "err", err)
 		http.Redirect(w, r, "/login?error=client", http.StatusFound)
 		return
 	}
 
+	client := clientSession.APIClient()
+
 	ex, _ := comatproto.RepoGetRecord(r.Context(), client, "", yoten.ActorProfileNSID, did, "self")
 	var cid *string
 	if ex != nil {
-- 
2.43.0