providers/oauth2: add support for explicit response_mode
closes #1953 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
2ccab75021
commit
b5d43b15f8
|
@ -45,6 +45,13 @@ class GrantTypes(models.TextChoices):
|
||||||
HYBRID = "hybrid"
|
HYBRID = "hybrid"
|
||||||
|
|
||||||
|
|
||||||
|
class ResponseMode(models.TextChoices):
|
||||||
|
"""https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#OAuth.Post"""
|
||||||
|
|
||||||
|
QUERY = "query"
|
||||||
|
FRAGMENT = "fragment"
|
||||||
|
|
||||||
|
|
||||||
class SubModes(models.TextChoices):
|
class SubModes(models.TextChoices):
|
||||||
"""Mode after which 'sub' attribute is generateed, for compatibility reasons"""
|
"""Mode after which 'sub' attribute is generateed, for compatibility reasons"""
|
||||||
|
|
||||||
|
|
|
@ -44,6 +44,7 @@ from authentik.providers.oauth2.models import (
|
||||||
AuthorizationCode,
|
AuthorizationCode,
|
||||||
GrantTypes,
|
GrantTypes,
|
||||||
OAuth2Provider,
|
OAuth2Provider,
|
||||||
|
ResponseMode,
|
||||||
ResponseTypes,
|
ResponseTypes,
|
||||||
)
|
)
|
||||||
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
|
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
|
||||||
|
@ -299,13 +300,23 @@ class OAuthFulfillmentStage(StageView):
|
||||||
code = self.params.create_code(self.request)
|
code = self.params.create_code(self.request)
|
||||||
code.save(force_insert=True)
|
code.save(force_insert=True)
|
||||||
|
|
||||||
if self.params.grant_type == GrantTypes.AUTHORIZATION_CODE:
|
query_dict = self.request.POST if self.request.method == "POST" else self.request.GET
|
||||||
|
response_mode = ResponseMode.QUERY
|
||||||
|
# Get response mode from url param, otherwise decide based on grant type
|
||||||
|
if "response_mode" in query_dict:
|
||||||
|
response_mode = query_dict["response_mode"]
|
||||||
|
elif self.params.grant_type == GrantTypes.AUTHORIZATION_CODE:
|
||||||
|
response_mode = ResponseMode.QUERY
|
||||||
|
elif self.params.grant_type in [GrantTypes.IMPLICIT, GrantTypes.HYBRID]:
|
||||||
|
response_mode = ResponseMode.FRAGMENT
|
||||||
|
|
||||||
|
if response_mode == ResponseMode.QUERY:
|
||||||
query_params["code"] = code.code
|
query_params["code"] = code.code
|
||||||
query_params["state"] = [str(self.params.state) if self.params.state else ""]
|
query_params["state"] = [str(self.params.state) if self.params.state else ""]
|
||||||
|
|
||||||
uri = uri._replace(query=urlencode(query_params, doseq=True))
|
uri = uri._replace(query=urlencode(query_params, doseq=True))
|
||||||
return urlunsplit(uri)
|
return urlunsplit(uri)
|
||||||
if self.params.grant_type in [GrantTypes.IMPLICIT, GrantTypes.HYBRID]:
|
if response_mode == ResponseMode.FRAGMENT:
|
||||||
query_fragment = self.create_implicit_response(code)
|
query_fragment = self.create_implicit_response(code)
|
||||||
|
|
||||||
uri = uri._replace(
|
uri = uri._replace(
|
||||||
|
|
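Review bot: `response_mode` is copied straight from the request (`response_mode = query_dict["response_mode"]`) and never checked against `ResponseMode`, so any client-supplied string overrides the grant-type default. A value that is neither `query` nor `fragment` matches neither branch visible here, and the handling after them lies outside the hunk; a value of `query` on an implicit or hybrid request takes the code-only branch instead of `create_implicit_response`. I would accept the parameter only when it is a known mode, e.g. `if query_dict.get("response_mode") in ResponseMode.values:`, and either reject anything else with an OAuth error or fall back to the grant-type default explicitly. A test with an unsupported value such as `form_post` would pin the intended behaviour.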