feat(op): Add response_mode: form_post (#551)

* feat(op): Add response_mode: form_post * Fix to parse the template ahead of time * Fix to render the template in a buffer * Remove unnecessary import * Fix test * Fix example client setting * Make sure the client not to reuse the content of the response * Fix error handling * Add the response_mode param * Allow implicit flow in the example app * feat(rp): allow form_post in code exchange callback handler --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-03-05 22:04:43 +09:00 · 2024-03-05 22:04:43 +09:00 · 5ef597b1db
commit 5ef597b1db
parent fc743a69c7
8 changed files with 131 additions and 11 deletions
--- a/example/client/app/app.go
+++ b/example/client/app/app.go
@ -32,6 +32,7 @@ func main() {
 	issuer := os.Getenv("ISSUER")
 	port := os.Getenv("PORT")
 	scopes := strings.Split(os.Getenv("SCOPES"), " ")
+	responseMode := os.Getenv("RESPONSE_MODE")

 	redirectURI := fmt.Sprintf("http://localhost:%v%v", port, callbackPath)
 	cookieHandler := httphelper.NewCookieHandler(key, key, httphelper.WithUnsecure())
@ -77,12 +78,24 @@ func main() {
 		return uuid.New().String()
 	}

+	urlOptions := []rp.URLParamOpt{
+		rp.WithPromptURLParam("Welcome back!"),
+	}
+
+	if responseMode != "" {
+		urlOptions = append(urlOptions, rp.WithResponseModeURLParam(oidc.ResponseMode(responseMode)))
+	}
+
 	// register the AuthURLHandler at your preferred path.
 	// the AuthURLHandler creates the auth request and redirects the user to the auth server.
 	// including state handling with secure cookie and the possibility to use PKCE.
 	// Prompts can optionally be set to inform the server of
 	// any messages that need to be prompted back to the user.
-	http.Handle("/login", rp.AuthURLHandler(state, provider, rp.WithPromptURLParam("Welcome back!")))
+	http.Handle("/login", rp.AuthURLHandler(
+		state,
+		provider,
+		urlOptions...,
+	))

 	// for demonstration purposes the returned userinfo response is written as JSON object onto response
 	marshalUserinfo := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[*oidc.IDTokenClaims], state string, rp rp.RelyingParty, info *oidc.UserInfo) {
--- a/example/server/storage/client.go
+++ b/example/server/storage/client.go
@ -184,10 +184,10 @@ func WebClient(id, secret string, redirectURIs ...string) *Client {
 		applicationType:                op.ApplicationTypeWeb,
 		authMethod:                     oidc.AuthMethodBasic,
 		loginURL:                       defaultLoginURL,
-		responseTypes:                  []oidc.ResponseType{oidc.ResponseTypeCode},
+		responseTypes:                  []oidc.ResponseType{oidc.ResponseTypeCode, oidc.ResponseTypeIDTokenOnly, oidc.ResponseTypeIDToken},
 		grantTypes:                     []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeRefreshToken, oidc.GrantTypeTokenExchange},
 		accessTokenType:                op.AccessTokenTypeBearer,
-		devMode:                        false,
+		devMode:                        true,
 		idTokenUserinfoClaimsAssertion: false,
 		clockSkew:                      0,
 	}
--- a/example/server/storage/oidc.go
+++ b/example/server/storage/oidc.go
@ -35,6 +35,7 @@ type AuthRequest struct {
 	UserID        string
 	Scopes        []string
 	ResponseType  oidc.ResponseType
+	ResponseMode  oidc.ResponseMode
 	Nonce         string
 	CodeChallenge *OIDCCodeChallenge

@ -100,7 +101,7 @@ func (a *AuthRequest) GetResponseType() oidc.ResponseType {
 }

 func (a *AuthRequest) GetResponseMode() oidc.ResponseMode {
-	return "" // we won't handle response mode in this example
+	return a.ResponseMode
 }

 func (a *AuthRequest) GetScopes() []string {
@ -154,6 +155,7 @@ func authRequestToInternal(authReq *oidc.AuthRequest, userID string) *AuthReques
 		UserID:        userID,
 		Scopes:        authReq.Scopes,
 		ResponseType:  authReq.ResponseType,
+		ResponseMode:  authReq.ResponseMode,
 		Nonce:         authReq.Nonce,
 		CodeChallenge: &OIDCCodeChallenge{
 			Challenge: authReq.CodeChallenge,