getAlby · rolznz · Jun 12, 2024 · Jun 11, 2024 · Jun 12, 2024 · Jun 12, 2024
diff --git a/alby/alby_oauth_service.go b/alby/alby_oauth_service.go
@@ -72,24 +72,27 @@ func (svc *albyOAuthService) CallbackHandler(ctx context.Context, code string) e
 	}
 	svc.saveToken(token)
 
+	me, err := svc.GetMe(ctx)
+	if err != nil {
+		svc.logger.WithError(err).Error("Failed to fetch user me")
+		// remove token so user can retry
+		svc.config.SetUpdate(accessTokenKey, me.Identifier, "")
+		return err
+	}
+
 	existingUserIdentifier, err := svc.GetUserIdentifier()
 	if err != nil {
 		svc.logger.WithError(err).Error("Failed to get alby user identifier")
 		return err
 	}
 
-	// setup Alby account on first time login
+	// save the user's alby account ID on first time login
 	if existingUserIdentifier == "" {
-		// fetch and save the user's alby account ID. This cannot be changed.
-		me, err := svc.GetMe(ctx)
-		if err != nil {
-			svc.logger.WithError(err).Error("Failed to fetch user me")
-			// remove token so user can retry
-			svc.config.SetUpdate(accessTokenKey, me.Identifier, "")
-			return err
-		}
-
 		svc.config.SetUpdate(userIdentifierKey, me.Identifier, "")
+	} else {
+		if existingUserIdentifier != me.Identifier {
+			return errors.New("alby identifier does not match")
+		}
 	}
 
 	return nil