server: fixes for the implicit and hybrid flow

Accept the following response_type for the implicit flow:

    id_token
    token id_token

And the following for hybrid flow

    code id_token
    code token
    code token id_token

This corrects the previous behavior of the implicit flow, which accepted only
"token" as the response_type (a value that is now correctly rejected).
Eric Chiang
2017-01-09 10:46:16 -08:00
parent ec9d1607b2
commit f926d74157
6 changed files with 318 additions and 62 deletions

@@ -510,7 +510,7 @@ func TestOAuth2ImplicitFlow(t *testing.T) {
httpServer, s := newTestServer(ctx, t, func(c *Config) {
// Enable support for the implicit flow.
c.SupportedResponseTypes = []string{"code", "token"}
c.SupportedResponseTypes = []string{"code", "token", "id_token"}
})
defer httpServer.Close()
@@ -553,7 +553,7 @@ func TestOAuth2ImplicitFlow(t *testing.T) {
w.WriteHeader(http.StatusOK)
return
}
u := oauth2Config.AuthCodeURL(state, oauth2.SetAuthURLParam("response_type", "token"), oidc.Nonce(nonce))
u := oauth2Config.AuthCodeURL(state, oauth2.SetAuthURLParam("response_type", "id_token token"), oidc.Nonce(nonce))
http.Redirect(w, r, u, http.StatusSeeOther)
}))