From 3decdc11deeb76bacdab80571c7ba08e394d4569 Mon Sep 17 00:00:00 2001
From: Chris Burkert
Date: Thu, 11 Jun 2026 19:13:57 +0200
Subject: [PATCH] fix: disable fingerprinting

Signed-off-by: Chris Burkert
---
 internal/grpc/session.go | 7 -------
 internal/grpc/session_test.go | 36 -----------------------------------
 2 files changed, 43 deletions(-)

diff --git a/internal/grpc/session.go b/internal/grpc/session.go
index ab226a3f..e49b2148 100644
--- a/internal/grpc/session.go
+++ b/internal/grpc/session.go
@@ -137,13 +137,6 @@ func (s *SessionServer) GetSession(ctx context.Context, req *sessionv1.GetSessio
 return nil, dt.Err()
 }

- // Compare fingerprints
- if sess.Fingerprint != req.GetFingerprint() {
- span.SetStatus(codes.Ok, "fingerprint mismatch")
- slogctx.Warn(ctx, "Is this an attack? Fingerprints do not match", "sessionFingerprint", sess.Fingerprint, "requestFingerprint", req.GetFingerprint())
- return &sessionv1.GetSessionResponse{Valid: false}, nil
- }
-
 // Compare tenant IDs
 if sess.TenantID != req.GetTenantId() {
 span.SetStatus(codes.Ok, "tenant id mismatch")
diff --git a/internal/grpc/session_test.go b/internal/grpc/session_test.go
index 2dda10fe..ff06d695 100644
--- a/internal/grpc/session_test.go
+++ b/internal/grpc/session_test.go
@@ -424,42 +424,6 @@ func TestGetSession(t *testing.T) {
 assert.Nil(t, resp)
 })

- t.Run("invalid - fingerprint mismatch", func(t *testing.T) {
- sess := session.Session{
- ID: "session-fingerprint",
- TenantID: "tenant-fingerprint",
- Fingerprint: "correct-fingerprint",
- Issuer: "https://issuer.example.com",
- }
-
- sessionRepo := sessionmock.NewInMemRepository(
- sessionmock.WithSession(sess),
- )
- _ = sessionRepo.BumpActive(ctx, sess.ID, 1*time.Hour)
-
- mapping := trust.OIDCMapping{
- IssuerURL: "https://issuer.example.com",
- Blocked: false,
- }
- trustRepo := trustmock.NewInMemRepository(
- trustmock.WithTrust(sess.TenantID, mapping),
- )
-
- server := grpc.NewSessionServer(ctx, sessionRepo, trustRepo, 90*time.Minute, "")
-
- req := &sessionv1.GetSessionRequest{
- SessionId: "session-fingerprint",
- TenantId: "tenant-fingerprint",
- Fingerprint: "wrong-fingerprint", // Mismatch
- }
-
- resp, err := server.GetSession(ctx, req)
-
- require.NoError(t, err)
- assert.NotNil(t, resp)
- assert.False(t, resp.GetValid())
- })
-
 t.Run("invalid - tenant ID mismatch", func(t *testing.T) {
 sess := session.Session{
 ID: "session-tenant",
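Review bot: Deleting the "invalid - fingerprint mismatch" subtest leaves nothing in this hunk that pins what GetSession returns when the request fingerprint differs from the stored one. The hunk in internal/grpc/session.go drops the comparison outright, so from the visible lines the request is matched on session ID and tenant ID, and the `Fingerprint` field of `GetSessionRequest` is presumably ignored. Rather than removing the subtest, keep its setup, rename it (for example `"fingerprint mismatch is ignored"`) and assert the result the service is now meant to return, so a later change to session binding shows up as a test failure. In session.go, a short comment where the check used to be, such as `// Fingerprint is intentionally not compared; session binding relies on <replacement control>`, would tell callers that the field no longer guards against a session ID being presented by a different client. Both TestGetSession and GetSession continue outside their hunks.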