fix: never construct id token claim templates in parallel (#552)

Closes #551
ory · Oct 11, 2020 · 4f504d9 · 4f504d9
1 parent dbe1987
commit 4f504d9
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/pipeline/mutate/mutator_id_token.go b/pipeline/mutate/mutator_id_token.go
@@ -27,6 +27,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"sync"
 	"text/template"
 	"time"
 
@@ -49,9 +50,10 @@ type MutatorIDTokenRegistry interface {
 }
 
 type MutatorIDToken struct {
-	c         configuration.Provider
-	r         MutatorIDTokenRegistry
-	templates *template.Template
+	c             configuration.Provider
+	r             MutatorIDTokenRegistry
+	templates     *template.Template
+	templatesLock sync.Mutex
 
 	tokenCache        *ristretto.Cache
 	tokenCacheEnabled bool
@@ -152,7 +154,9 @@ func (a *MutatorIDToken) Mutate(r *http.Request, session *authn.AuthenticationSe
 		t := a.templates.Lookup(c.ClaimsTemplateID())
 		if t == nil {
 			var err error
+			a.templatesLock.Lock()
 			t, err = a.templates.New(c.ClaimsTemplateID()).Parse(c.Claims)
+			a.templatesLock.Unlock()
 			if err != nil {
 				return errors.Wrapf(err, `error parsing claims template in rule "%s"`, rl.GetID())
 			}