feat(op): Add response_mode: form_post (#551)

* feat(op): Add response_mode: form_post * Fix to parse the template ahead of time * Fix to render the template in a buffer * Remove unnecessary import * Fix test * Fix example client setting * Make sure the client not to reuse the content of the response * Fix error handling * Add the response_mode param * Allow implicit flow in the example app * feat(rp): allow form_post in code exchange callback handler --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2024-03-05 22:04:43 +09:00 · 2024-03-05 22:04:43 +09:00 · 5ef597b1db
commit 5ef597b1db
parent fc743a69c7
8 changed files with 131 additions and 11 deletions
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@ -494,9 +494,8 @@ func CodeExchangeHandler[C oidc.IDClaims](callback CodeExchangeCallback[C], rp R
 			unauthorizedError(w, r, "failed to get state: "+err.Error(), state, rp)
 			return
 		}
-		params := r.URL.Query()
-		if params.Get("error") != "" {
-			rp.ErrorHandler()(w, r, params.Get("error"), params.Get("error_description"), state)
+		if errValue := r.FormValue("error"); errValue != "" {
+			rp.ErrorHandler()(w, r, errValue, r.FormValue("error_description"), state)
 			return
 		}
 		codeOpts := make([]CodeExchangeOpt, len(urlParam))
@ -521,7 +520,7 @@ func CodeExchangeHandler[C oidc.IDClaims](callback CodeExchangeCallback[C], rp R
 			}
 			codeOpts = append(codeOpts, WithClientAssertionJWT(assertion))
 		}
-		tokens, err := CodeExchange[C](r.Context(), params.Get("code"), rp, codeOpts...)
+		tokens, err := CodeExchange[C](r.Context(), r.FormValue("code"), rp, codeOpts...)
 		if err != nil {
 			unauthorizedError(w, r, "failed to exchange token: "+err.Error(), state, rp)
 			return