fix: open id config

2022-10-16 21:03:37 +05:30 · 2022-10-16 21:03:37 +05:30 · 3cd99fe5f6
commit 3cd99fe5f6
parent 2bd92d6028
3 changed files with 28 additions and 12 deletions
--- a/server/constants/oauth2.go
+++ b/server/constants/oauth2.go
@ -14,4 +14,6 @@ const (
 	ResponseTypeCode = "code"
 	// For the Implicit grant, use response_type=token to include an access token.
 	ResponseTypeToken = "token"
 	// For the Implicit grant of id_token, use response_type=id_token to include an identifier token.
 	ResponseTypeIDToken = "id_token"
 )
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@ -137,6 +137,18 @@ func AuthorizeHandler() gin.HandlerFunc {
 			// in case, response type is code and user is already logged in send the code and state
 			// and cookie session will already be rolled over and set
 			if responseMode == constants.ResponseModeFormPost {
 				gc.HTML(http.StatusOK, authorizeFormPostTemplate, gin.H{
 					"target_origin": redirectURI,
 					"authorization_response": map[string]interface{}{
 						"type": "authorization_response",
 						"response": map[string]string{
 							"code":  code,
 							"state": state,
 						},
 					},
 				})
 			} else {
 				gc.HTML(http.StatusOK, authorizeWebMessageTemplate, gin.H{
 					"target_origin": redirectURI,
 					"authorization_response": map[string]interface{}{
@ -147,10 +159,12 @@ func AuthorizeHandler() gin.HandlerFunc {
 						},
 					},
 				})
 			}
 			return
 		}
-		if responseType == constants.ResponseTypeToken {
+		if responseType == constants.ResponseTypeToken || responseType == constants.ResponseTypeIDToken {
 			// rollover the session for security
 			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod)
 			if err != nil {
@ -222,7 +236,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 }
 func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge string) error {
-	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken {
+	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken && responseType != constants.ResponseTypeIDToken {
 		return fmt.Errorf("invalid response type %s. 'code' & 'token' are valid response_type", responseMode)
 	}
--- a/server/handlers/openid_config.go
+++ b/server/handlers/openid_config.go
@ -22,7 +22,7 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
 			"jwks_uri":                              issuer + "/.well-known/jwks.json",
 			"response_types_supported":              []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
 			"scopes_supported":                      []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
-			"response_modes_supported":              []string{"query", "fragment", "form_post"},
+			"response_modes_supported":              []string{"query", "fragment", "form_post", "web_message"},
 			"id_token_signing_alg_values_supported": []string{jwtType},
 			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
 		})