From 099ad039b3c1bfe53de9aa85547a61be405230ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Radu=20Lucu=C8=9B?= <git@radulucut.com>
Date: Tue, 16 Dec 2025 11:56:44 +0200
Subject: [PATCH] fix: close HTTP response bodies in authentication methods

---
 api/auth.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/auth.go b/api/auth.go
index 1abfb78..cd450dd 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -177,6 +177,7 @@ func (c *client) exchange(ctx context.Context, form url.Values, verifier string,
 			Description: err.Error(),
 		}
 	}
+	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		err := &AuthorizeError{
 			Code:        resp.StatusCode,
@@ -314,6 +315,7 @@ func (c *client) refreshToken(ctx context.Context, token string) (*storage.Token
 			Description: err.Error(),
 		}
 	}
+	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		err := &AuthorizeError{
 			Code:        resp.StatusCode,
@@ -385,6 +387,7 @@ func (c *client) introspection(ctx context.Context, token string) (*Introspectio
 			Description: err.Error(),
 		}
 	}
+	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		err := &AuthorizeError{
 			Code:        resp.StatusCode,
@@ -426,6 +429,7 @@ func (c *client) RevokeToken(ctx context.Context, token string) error {
 			Description: err.Error(),
 		}
 	}
+	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		err := &AuthorizeError{
 			Code:        resp.StatusCode,