go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00
Code Issues Releases Activity

feat: use non-default authorization request response mode in OIDC providers (#3055)

Browse Source 
* fix: OIDC sets response mode

* Update CHANGELOG
This commit is contained in:
Michael Cornel
2025-07-23 22:40:12 +02:00
committed by GitHub
parent dc8b1623a2
commit b905f2cd93
3 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -14,6 +14,7 @@
- [#2359](https://github.com/oauth2-proxy/oauth2-proxy/pull/2359) feat: add SourceHut (sr.ht) provider(@bitfehler) - [#2359](https://github.com/oauth2-proxy/oauth2-proxy/pull/2359) feat: add SourceHut (sr.ht) provider(@bitfehler)
- [#2524](https://github.com/oauth2-proxy/oauth2-proxy/pull/2524) fix: regex substitution for $ signs in upstream path handling before running envsubst (@dashkan / @tuunit) - [#2524](https://github.com/oauth2-proxy/oauth2-proxy/pull/2524) fix: regex substitution for $ signs in upstream path handling before running envsubst (@dashkan / @tuunit)
- [#3104](https://github.com/oauth2-proxy/oauth2-proxy/pull/3104) feat(cookie): add feature support for cookie-secret-file (@sandy2008) - [#3104](https://github.com/oauth2-proxy/oauth2-proxy/pull/3104) feat(cookie): add feature support for cookie-secret-file (@sandy2008)
- [#3055](https://github.com/oauth2-proxy/oauth2-proxy/pull/3055) feat: support non-default authorization request response mode also for OIDC providers (@stieler-it)
# V7.10.0 # V7.10.0

5
providers/oidc.go
View File

@ -61,6 +61,11 @@ func (p *OIDCProvider) GetLoginURL(redirectURI, state, nonce string, extraParams
if !p.SkipNonce { if !p.SkipNonce {
extraParams.Add("nonce", nonce) extraParams.Add("nonce", nonce)
} }
// Response mode should only be set if a non default mode is requested
if p.AuthRequestResponseMode != "" {
extraParams.Add("response_mode", p.AuthRequestResponseMode)
}
loginURL := makeLoginURL(p.Data(), redirectURI, state, extraParams) loginURL := makeLoginURL(p.Data(), redirectURI, state, extraParams)
return loginURL.String() return loginURL.String()
} }

29
providers/oidc_test.go
View File

@ -275,3 +275,32 @@ func TestOIDCProviderCreateSessionFromToken(t *testing.T) {
}) })
} }
} }
func TestOIDCProviderResponseModeConfigured(t *testing.T) {
providerData := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
AuthRequestResponseMode: "form_post",
}
p := NewOIDCProvider(providerData, options.OIDCOptions{})
result := p.GetLoginURL("https://my.test.app/oauth", "", "", url.Values{})
assert.Contains(t, result, "response_mode=form_post")
}
func TestOIDCProviderResponseModeNotConfigured(t *testing.T) {
providerData := &ProviderData{
LoginURL: &url.URL{
Scheme: "http",
Host: "my.test.idp",
Path: "/oauth/authorize",
},
}
p := NewOIDCProvider(providerData, options.OIDCOptions{})
result := p.GetLoginURL("https://my.test.app/oauth", "", "", url.Values{})
assert.NotContains(t, result, "response_mode")
}