Use ResponseType that doesn't care about tokens order

2025-11-20 12:02:22 +03:00 · 2022-09-09 14:52:59 +02:00
parent f5715018a6
commit fca6cfa393
10 changed files with 618 additions and 145 deletions
--- a/crates/handlers/src/oauth2/authorization/mod.rs
+++ b/crates/handlers/src/oauth2/authorization/mod.rs
@@ -23,7 +23,6 @@ use axum_extra::extract::PrivateCookieJar;
 use hyper::StatusCode;
 use mas_axum_utils::SessionInfoExt;
 use mas_data_model::{AuthorizationCode, Pkce};
-use mas_iana::oauth::OAuthAuthorizationEndpointResponseType;
 use mas_keystore::Encrypter;
 use mas_policy::PolicyFactory;
 use mas_router::{PostAuthAction, Route};
@@ -35,8 +34,8 @@ use mas_templates::Templates;
 use oauth2_types::{
    errors::{ClientError, ClientErrorCode},
    pkce,
-    prelude::*,
    requests::{AuthorizationRequest, GrantType, Prompt, ResponseMode},
+    response_type::ResponseType,
 };
 use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use serde::Deserialize;
@@ -134,7 +133,7 @@ pub(crate) struct Params {
 /// figure out what response mode must be used, and emit an error if the
 /// suggested response mode isn't allowed for the given response types.
 fn resolve_response_mode(
-    response_type: OAuthAuthorizationEndpointResponseType,
+    response_type: &ResponseType,
    suggested_response_mode: Option<ResponseMode>,
 ) -> anyhow::Result<ResponseMode> {
    use ResponseMode as M;
@@ -172,7 +171,7 @@ pub(crate) async fn get(
        .resolve_redirect_uri(&params.auth.redirect_uri)?
        .clone();
    let response_type = params.auth.response_type;
-    let response_mode = resolve_response_mode(response_type, params.auth.response_mode)?;
+    let response_mode = resolve_response_mode(&response_type, params.auth.response_mode)?;

    // Now we have a proper callback destination to go to on error
    let callback_destination = CallbackDestination::try_new(
--- a/crates/handlers/src/oauth2/discovery.rs
+++ b/crates/handlers/src/oauth2/discovery.rs
@@ -66,9 +66,9 @@ pub(crate) async fn get(
    let scopes_supported = Some(vec![scope::OPENID.to_string(), scope::EMAIL.to_string()]);

    let response_types_supported = Some(vec![
-        OAuthAuthorizationEndpointResponseType::Code,
-        OAuthAuthorizationEndpointResponseType::IdToken,
-        OAuthAuthorizationEndpointResponseType::CodeIdToken,
+        OAuthAuthorizationEndpointResponseType::Code.into(),
+        OAuthAuthorizationEndpointResponseType::IdToken.into(),
+        OAuthAuthorizationEndpointResponseType::CodeIdToken.into(),
    ]);

    let response_modes_supported = Some(vec![
--- a/crates/handlers/src/oauth2/registration.rs
+++ b/crates/handlers/src/oauth2/registration.rs
@@ -138,7 +138,7 @@ pub(crate) async fn post(
        &client_id,
        metadata.redirect_uris(),
        None,
-        metadata.response_types(),
+        &metadata.response_types(),
        metadata.grant_types(),
        contacts,
        metadata