fix: verify client at the right time (#145)

aaronschweig · web-flow · commit 12c1a4b8fd47 · 2025-10-27T19:39:19.000+01:00
diff --git a/internal/subroutine/invite/subroutine.go b/internal/subroutine/invite/subroutine.go
@@ -144,6 +144,33 @@ func (s *subroutine) Process(ctx context.Context, instance runtimeobject.Runtime
 
 	log.Info().Str("email", invite.Spec.Email).Msg("User does not exist, creating user and sending invite")
 
+	clientQueryParams := url.Values{
+		"clientId": {realm},
+	}
+
+	res, err = s.keycloak.Get(fmt.Sprintf("%s/admin/realms/%s/clients?%s", s.keycloakBaseURL, realm, clientQueryParams.Encode()))
+	if err != nil {
+		log.Err(err).Msg("Failed to verify client exists")
+		return ctrl.Result{}, errors.NewOperatorError(err, true, false)
+	}
+	defer res.Body.Close() //nolint:errcheck
+
+	if res.StatusCode != http.StatusOK {
+		return ctrl.Result{}, errors.NewOperatorError(fmt.Errorf("failed to verify client exists: %s", res.Status), true, false)
+	}
+
+	var clients []keycloakClient
+	if err = json.NewDecoder(res.Body).Decode(&clients); err != nil {
+		return ctrl.Result{}, errors.NewOperatorError(err, true, false)
+	}
+
+	if len(clients) == 0 {
+		log.Info().Str("clientId", realm).Msg("Client does not exist yet, requeuing")
+		return ctrl.Result{}, errors.NewOperatorError(fmt.Errorf("client %s does not exist yet", realm), true, false)
+	}
+
+	log.Debug().Str("clientId", realm).Msg("Client verified")
+
 	// Create user
 	newUser := keycloakUser{
 		Email:           invite.Spec.Email,
@@ -186,33 +213,6 @@ func (s *subroutine) Process(ctx context.Context, instance runtimeobject.Runtime
 
 	log.Debug().Str("email", invite.Spec.Email).Str("id", newUser.ID).Msg("User created")
 
-	clientQueryParams := url.Values{
-		"clientId": {realm},
-	}
-
-	res, err = s.keycloak.Get(fmt.Sprintf("%s/admin/realms/%s/clients?%s", s.keycloakBaseURL, realm, clientQueryParams.Encode()))
-	if err != nil {
-		log.Err(err).Msg("Failed to verify client exists")
-		return ctrl.Result{}, errors.NewOperatorError(err, true, false)
-	}
-	defer res.Body.Close() //nolint:errcheck
-
-	if res.StatusCode != http.StatusOK {
-		return ctrl.Result{}, errors.NewOperatorError(fmt.Errorf("failed to verify client exists: %s", res.Status), true, false)
-	}
-
-	var clients []keycloakClient
-	if err = json.NewDecoder(res.Body).Decode(&clients); err != nil {
-		return ctrl.Result{}, errors.NewOperatorError(err, true, false)
-	}
-
-	if len(clients) == 0 {
-		log.Info().Str("clientId", realm).Msg("Client does not exist yet, requeuing")
-		return ctrl.Result{}, errors.NewOperatorError(fmt.Errorf("client %s does not exist yet", realm), true, false)
-	}
-
-	log.Debug().Str("clientId", realm).Msg("Client verified")
-
 	queryParams := url.Values{
 		"redirect_uri": {fmt.Sprintf("https://%s.%s/", realm, s.baseDomain)},
 		"client_id":    {realm},
