Comments (2)
But the `unless params[options.response_type]` condition is incorrect if
It looks like it should be executed only if the :response_type option is set to `code`.
I'd say we can go with the 2nd option, but it's worth considering extracting the check into a separate method, or at least a local variable, to make this check a bit clearer, like:

    valid_code = params.key?('code') && options.response_type == 'code'
    return fail!(
      :missing_code,
      OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])
    ) unless valid_code
from omniauth_openid_connect.
Sure, to keep it simple we can add support for id_token first, like:
    return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])) unless valid_code?
    return fail!(:missing_id_token, OmniAuth::OpenIDConnect::MissingIdTokenError.new(params['error'])) unless valid_id_token?

    # Only require the `code` param when the strategy is configured for the code flow.
    def valid_code?
      options.response_type == 'code' ? params.key?('code') : true
    end

    # Only require the `id_token` param when the strategy is configured for the id_token flow.
    def valid_id_token?
      options.response_type == 'id_token' ? params.key?('id_token') : true
    end
but that would be a terrible code duplication, so later on we might want to support all possible grant types like this:
    SUPPORTED_GRANT_TYPES = %w[code id_token token].freeze

    # e.g. for `id_token token`, it is valid if:
    (SUPPORTED_GRANT_TYPES & params.keys).sort.join(' ') == options.response_type
or
    # the below would mean we implement some kind of errors array
    # and return with fail! from the main callback_phase method if there's at least one
    options.response_type.split(' ').each do |grant_type|
      unless params.key?(grant_type) && SUPPORTED_GRANT_TYPES.include?(grant_type)
        error_class = "OmniAuth::OpenIDConnect::Missing#{grant_type.classify}Error".constantize
        errors << { :"missing_#{grant_type}" => error_class.new(params['error']) }
      end
    end
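Putting the direction of the second comment together, as an added stand-alone example (not the gem's own code): a validator that takes the configured response_type and the callback params and returns every missing-artifact error at once, with no ActiveSupport `classify`/`constantize`. The names `CallbackValidator`, `MissingArtifactError` and `UnsupportedResponseTypeError` are assumptions.

```ruby
# Added example, not part of omniauth_openid_connect: check that the callback
# carries every artifact the configured response_type requires.
# Assumed names: CallbackValidator, MissingArtifactError, UnsupportedResponseTypeError.
module CallbackValidator
  # Artifacts an OpenID Connect response_type can be composed of.
  SUPPORTED_RESPONSE_TYPES = %w[code id_token token].freeze

  class MissingArtifactError < StandardError
    attr_reader :artifact, :provider_error

    def initialize(artifact, provider_error)
      @artifact = artifact
      @provider_error = provider_error # the provider's `error` param, if any
      super("missing #{artifact} in callback (provider error: #{provider_error.inspect})")
    end
  end

  class UnsupportedResponseTypeError < StandardError; end

  # Returns a Hash of failure keys (e.g. :missing_id_token) to error objects.
  # An empty Hash means the callback satisfies the configured response_type.
  # Token order in response_type is irrelevant ("token id_token" == "id_token token").
  def self.errors_for(response_type, params)
    params = params.transform_keys(&:to_s)
    requested = response_type.to_s.split(' ').uniq
    raise UnsupportedResponseTypeError, 'empty response_type' if requested.empty?

    unsupported = requested - SUPPORTED_RESPONSE_TYPES
    raise UnsupportedResponseTypeError, unsupported.join(' ') unless unsupported.empty?

    requested.each_with_object({}) do |artifact, errors|
      value = params[artifact]
      next unless value.nil? || value.to_s.empty? # an empty string counts as missing
      errors[:"missing_#{artifact}"] = MissingArtifactError.new(artifact, params['error'])
    end
  end

  def self.valid?(response_type, params)
    errors_for(response_type, params).empty?
  end
end
```

In a strategy's callback phase the returned Hash would drive a single `fail!` per missing artifact instead of one hard-coded check per flow.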