From ffeca96aa76167a098068334a567bb7c0975acc8 Mon Sep 17 00:00:00 2001
From: Miciah Masters <miciah.masters@gmail.com>
Date: Mon, 4 Nov 2024 15:19:59 -0500
Subject: [PATCH] retrieveDeviceAuth: Call r.Body.Close()

Close the response body after reading it in the DeviceAuth logic.

The retrieveDeviceAuth function did not close the response body.
However, the net/http documentation states that one is expected to close
the response body after one sends an HTTP request and reads the response
body.  In addition, the doTokenRoundTrip function *does* call
r.Body.Close().  (Some other functions use a client with a custom
Transport that automatically closes the body, but that is not the case
for retrieveDeviceAuth or doTokenRoundTrip.)

Follow-up to commit e3fb0fb3af0ee7c0c62e31c393cbcfce6b2af5bf.

* deviceauth.go (retrieveDeviceAuth): Call r.Body.Close() after reading
r.Body.
---
 deviceauth.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deviceauth.go b/deviceauth.go
index e99c92f39..93503c73d 100644
--- a/deviceauth.go
+++ b/deviceauth.go
@@ -112,6 +112,7 @@ func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAu
 	}
 
 	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+	r.Body.Close()
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot auth device: %v", err)
 	}