Make Response Mode Optional (Oracle IDCS) #1010
Comments
I agree, when reading the spec (https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest):
Means when I will need to test this first on other real IDPs first...
Tested: Works on my IDP: Tried:
index c10152ed..f89f04f5 100644
--- a/oidc-client-ts/OidcClientSettings.ts
+++ b/oidc-client-ts/OidcClientSettings.ts
@@ -162,7 +162,7 @@ export class OidcClientSettingsStore {
public readonly ui_locales: string | undefined;
public readonly acr_values: string | undefined;
public readonly resource: string | string[] | undefined;
- public readonly response_mode: "query" | "fragment";
+ public readonly response_mode: "query" | "fragment" | undefined;
// behavior flags
public readonly filterProtocolClaims: boolean | string[];
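Review bot: Missing documentation on the widened `response_mode` field: nothing here says what `undefined` means for the request. Suggest a doc comment stating that when it is `undefined` the parameter is not sent and the provider applies its default for the requested response type, so that code reading `settings.response_mode` (for example to decide whether to parse the callback from the query string or the fragment) knows it must now handle the unset case.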
@@ -191,7 +191,7 @@ export class OidcClientSettingsStore {
redirect_uri, post_logout_redirect_uri,
client_authentication = DefaultClientAuthentication,
// optional protocol
- prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,
+ prompt, display, max_age, ui_locales, acr_values, resource, response_mode,// = DefaultResponseMode,
// behavior flags
filterProtocolClaims = true,
loadUserInfo = false, |
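Review bot: The commented-out default in `response_mode,// = DefaultResponseMode,` leaves dead code in the destructuring list; delete the trailing comment, and if `DefaultResponseMode` has no other user, remove the constant as well. Since every caller that did not set `response_mode` previously received `DefaultResponseMode` and now receives `undefined`, this line is also where the behaviour change lands, so it should be called out in the release notes.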
Should we fix that in a major or minor version? I tend to do it in a minor, as it fixes a bug and the chance that existing IDPs still work seems high. Will add a release notice for that...
@pamapa the chance that it can break something is low, I agree, but if you don't specify it in your config it means that the response_mode will be query, and after the upgrade it will be absent and it can lead to changing the behavior for the app. I would like to see it in a minor version update, but if you don't want to struggle with issues like "after the upgrade the auth is broken" - major is more suitable. And thank you for your work.
@dzirg44 You are right, let's do this on the planned 3.0.0, which comes later this year.
In Oracle IDCS (Identity Cloud Services) both options
(according to https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)
are invalid.
If I use
query => code
I have
in case
fragment => token
Only when I remove the default value
https://github.com/authts/oidc-client-ts/blob/main/src/OidcClient.ts#L102
I can make it work.
In my opinion, if it is not a mistake caused by Oracle developers, there are 2 ways to fix.
1 - simply delete the default value
2 - add 'none' option to response_mode
the fix I found out exploring
https://auth0.com/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow#code-exchange-request-authorization-code-flow-with-pkce
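
What the request looks like once `response_mode` has no default, as an added example that is not part of the original issue and is not oidc-client-ts code. The function names, client id and URLs are assumptions; the default-mode rule follows the OAuth 2.0 Multiple Response Type Encoding Practices spec linked in the issue.

```typescript
// Added illustration; all names and sample values are hypothetical.
type ResponseMode = "query" | "fragment";

interface AuthRequestArgs {
    authorization_endpoint: string;
    client_id: string;
    redirect_uri: string;
    response_type: string;         // e.g. "code" or "id_token token"
    scope: string;
    state: string;
    response_mode?: ResponseMode;  // undefined => parameter is not sent
}

// Encoding the provider applies when response_mode is absent: "code" alone
// comes back in the query string; any response type that carries a token or
// id_token comes back in the fragment.
function defaultResponseMode(response_type: string): ResponseMode {
    const types = response_type.split(" ").filter(t => t.length > 0);
    return types.some(t => t === "token" || t === "id_token") ? "fragment" : "query";
}

// Build the authorization URL, adding response_mode only when the caller set it.
function buildAuthorizationUrl(args: AuthRequestArgs): string {
    const params: [string, string][] = [
        ["client_id", args.client_id],
        ["redirect_uri", args.redirect_uri],
        ["response_type", args.response_type],
        ["scope", args.scope],
        ["state", args.state],
    ];
    if (args.response_mode !== undefined) {
        params.push(["response_mode", args.response_mode]);
    }
    const query = params
        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
        .join("&");
    const sep = args.authorization_endpoint.indexOf("?") >= 0 ? "&" : "?";
    return args.authorization_endpoint + sep + query;
}

// Where the client must read the response from: the explicit mode if one was
// sent, otherwise the default for the response type. Parsing the wrong part of
// the callback URL means code and state are never found or validated.
function expectedResponseLocation(args: AuthRequestArgs): ResponseMode {
    return args.response_mode ?? defaultResponseMode(args.response_type);
}
```

With the default removed, a client that still parses the callback should derive the location as `expectedResponseLocation` does rather than assume the old default.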