fix: open id config

server/constants/oauth2.go

@@ -14,4 +14,6 @@ const (
 	ResponseTypeCode = "code"
 	// For the Implicit grant, use response_type=token to include an access token.
 	ResponseTypeToken = "token"
+	// For the Implicit grant of id_token, use response_type=id_token to include an identifier token.
+	ResponseTypeIDToken = "id_token"
 )

server/handlers/authorize.go

@@ -137,20 +137,34 @@ func AuthorizeHandler() gin.HandlerFunc {
 
 			// in case, response type is code and user is already logged in send the code and state
 			// and cookie session will already be rolled over and set
-			gc.HTML(http.StatusOK, authorizeWebMessageTemplate, gin.H{
+			if responseMode == constants.ResponseModeFormPost {
-				"target_origin": redirectURI,
+				gc.HTML(http.StatusOK, authorizeFormPostTemplate, gin.H{
-				"authorization_response": map[string]interface{}{
+					"target_origin": redirectURI,
-					"type": "authorization_response",
+					"authorization_response": map[string]interface{}{
-					"response": map[string]string{
+						"type": "authorization_response",
-						"code":  code,
+						"response": map[string]string{
-						"state": state,
+							"code":  code,
+							"state": state,
+						},
 					},
-				},
+				})
-			})
+			} else {
+				gc.HTML(http.StatusOK, authorizeWebMessageTemplate, gin.H{
+					"target_origin": redirectURI,
+					"authorization_response": map[string]interface{}{
+						"type": "authorization_response",
+						"response": map[string]string{
+							"code":  code,
+							"state": state,
+						},
+					},
+				})
+			}
+
 			return
 		}
 
-		if responseType == constants.ResponseTypeToken {
+		if responseType == constants.ResponseTypeToken || responseType == constants.ResponseTypeIDToken {
 			// rollover the session for security
 			authToken, err := token.CreateAuthToken(gc, user, claims.Roles, scope, claims.LoginMethod)
 			if err != nil {
@@ -222,7 +236,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 }
 
 func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge string) error {
-	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken {
+	if responseType != constants.ResponseTypeCode && responseType != constants.ResponseTypeToken && responseType != constants.ResponseTypeIDToken {
 		return fmt.Errorf("invalid response type %s. 'code' & 'token' are valid response_type", responseMode)
 	}
 

server/handlers/openid_config.go

@@ -22,7 +22,7 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
 			"jwks_uri":                              issuer + "/.well-known/jwks.json",
 			"response_types_supported":              []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
 			"scopes_supported":                      []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
-			"response_modes_supported":              []string{"query", "fragment", "form_post"},
+			"response_modes_supported":              []string{"query", "fragment", "form_post", "web_message"},
 			"id_token_signing_alg_values_supported": []string{jwtType},
 			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
 		})