Skip to content

fix: handle DoubleRenderError in library instead of requiring consumer workaround #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bvogel wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: handle DoubleRenderError in library instead of requiring consumer workaround #233

bvogel wants to merge 2 commits into from
+13 −15

Conversation

@bvogel
Copy link

@bvogel bvogel commented Feb 12, 2026
edited
Loading

Summary

Moves DoubleRenderError prevention from consumer callbacks into the library itself, so users no longer need to add self.response_body = nil / @_response_body = nil in their reauthenticate_resource_owner and select_account_for_resource_owner blocks.

Fixes #206

Problem

Since v1.8.11, several scenarios cause AbstractController::DoubleRenderError:

  1. max_age + prompt: handle_oidc_max_age_param! triggers reauthenticate_oidc_resource_owner (redirect), then handle_oidc_prompt_param! also renders/redirects
  2. Multiple prompt values: e.g. prompt=login consent - consent renders :new, then login redirects via reauthenticate_oidc_resource_owner
  3. max_age=0: Always triggers reauthentication, compounding with any prompt handler

The current workaround (documented in the generator template and test dummy) requires every consumer to add response clearing in their callbacks. This is error-prone and undiscoverable.

Solution

Adds a clear_oidc_response! helper that safely clears response_body before issuing a new render/redirect. Called in:

  • reauthenticate_oidc_resource_owner - before executing the consumer's callback
  • select_account_for_oidc_resource_owner - before executing the consumer's callback
  • handle_oidc_prompt_param! consent branch - before render :new

This matches the existing pattern in handle_oidc_error! which already clears the response body.

Changes

  • lib/doorkeeper/openid_connect/helpers/controller.rb - add clear_oidc_response! and call it in the three locations above
  • spec/dummy/config/initializers/doorkeeper_openid_connect.rb - remove the consumer-side workaround (no longer needed)
  • lib/generators/doorkeeper/openid_connect/templates/initializer.rb - remove the DoubleRenderError workaround comments

All 174 existing tests pass without the consumer-side workaround.

@bvogel
fix: handle DoubleRenderError in library instead of requiring consume…
8f2c45a 
…r workaround

When multiple OIDC handlers (max_age, prompt values) trigger render/redirect
in sequence, a DoubleRenderError is raised. Previously, consumers had to add
`self.response_body = nil` in their initializer callbacks to work around this.

This moves the response clearing into the library itself via a
`clear_oidc_response!` helper called before each render/redirect in
`reauthenticate_oidc_resource_owner`, `select_account_for_oidc_resource_owner`,
and the consent branch of `handle_oidc_prompt_param!`.

Fixes doorkeeper-gem#206
@bvogel bvogel mentioned this pull request Feb 12, 2026
Closed
Sokre95
Sokre95 reviewed Feb 12, 2026
View reviewed changes
@bvogel bvogel mentioned this pull request Feb 12, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Sokre95 Sokre95 Sokre95 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

some combinations of prompt causes double rendering/redirection

2 participants

@bvogel @Sokre95