Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add support for none response_type #776

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dtam-cybozu
Copy link
Contributor

This PR adds support for the none response_type specified in https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#none

Related Issue or Design Document

This was brought up before here #409

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

Further comments

I still need to add non-unit tests but I'd prefer to do this after I've received confirmation that this feature and this approach is okay. This is also quite a small feature so perhaps extensive testing of it is not completely necessary - please let me know how much testing you're expecting for this!

I also need to add something to the changelog.

@dtam-cybozu dtam-cybozu requested a review from aeneasr as a code owner November 10, 2023 08:37
@dtam-cybozu dtam-cybozu changed the title feature: add support for none response_type feat: add support for none response_type Nov 10, 2023
Copy link

@sword-jin sword-jin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few suggesstions


ar.SetDefaultResponseMode(fosite.ResponseModeQuery)

if !c.secureChecker(ctx)(ctx, ar.GetRedirectURI()) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this encapsulation is not readable, since secureChecker has no more caller.

You can just change secureChecker to secureCheck, pass the uri to it

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, actually most of this file is copy pasted from https://github.com/ory/fosite/blob/master/handler/oauth2/flow_authorize_code_auth.go so I've just copied the style from that file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants