oauth: Fix regression with possibly nil http.Client

jentfoo · jentfoo · commit e42be949241f · 2025-02-06T16:10:51.000-07:00
diff --git a/sdk/auth/oauth/oauth.go b/sdk/auth/oauth/oauth.go
@@ -16,6 +16,7 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/lestrrat-go/jwx/v2/jws"
 	"github.com/lestrrat-go/jwx/v2/jwt"
+	"github.com/opentdf/platform/sdk/httputil"
 )
 
 const (
@@ -145,6 +146,9 @@ func GetAccessToken(client *http.Client, tokenEndpoint string, scopes []string,
 	if err != nil {
 		return nil, err
 	}
+	if client == nil {
+		client = httputil.SafeHTTPClient()
+	}
 
 	resp, err := client.Do(req)
 	if err != nil {
@@ -248,6 +252,9 @@ func DoTokenExchange(ctx context.Context, client *http.Client, tokenEndpoint str
 	if err != nil {
 		return nil, err
 	}
+	if client == nil {
+		client = httputil.SafeHTTPClient()
+	}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("error making request to IdP for token exchange: %w", err)
@@ -313,7 +320,11 @@ func DoCertExchange(ctx context.Context, tokenEndpoint string, exchangeInfo Cert
 		return nil, err
 	}
 
-	resp, err := exchangeInfo.HTTPClient.Do(req)
+	client := exchangeInfo.HTTPClient
+	if client == nil {
+		client = httputil.SafeHTTPClient()
+	}
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("error making request to IdP for certificate exchange: %w", err)
 	}
