From 40254888d722356fb247ec2b437fc9a70abd5dca Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo <lukasz@raczylo.com>
Date: Sat, 18 Jan 2025 10:54:30 +0000
Subject: [PATCH] Provide default session encryption key if not specified.

---
 main.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/main.go b/main.go
index 37fe242..e8c5ca4 100644
--- a/main.go
+++ b/main.go
@@ -175,6 +175,19 @@ func (t *TraefikOidc) VerifyJWTSignatureAndClaims(jwt *JWT, token string) error
 
 // New creates a new instance of the OIDC middleware
 func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
+	if config == nil {
+		config = CreateConfig()
+	}
+
+	// Generate default session encryption key if not provided
+	if config.SessionEncryptionKey == "" {
+		key, err := generateNonce()
+		if err != nil {
+			return nil, fmt.Errorf("failed to generate session encryption key: %w", err)
+		}
+		config.SessionEncryptionKey = key
+	}
+
 	// Setup HTTP client
 	transport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,