get response_modes_supported when discovery

doorkeeper-gem · Mar 12, 2021 · 5b5b469 · 5b5b469
1 parent 99ef25e
commit 5b5b469
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/app/controllers/doorkeeper/openid_connect/discovery_controller.rb b/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
@@ -38,7 +38,7 @@ def provider_response
 
           # TODO: support id_token response type
           response_types_supported: doorkeeper.authorization_response_types,
-          response_modes_supported: %w[query fragment],
+          response_modes_supported: response_modes_supported(doorkeeper),
           grant_types_supported: grant_types_supported(doorkeeper),
 
           # TODO: look into doorkeeper-jwt_assertion for these
@@ -76,6 +76,10 @@ def grant_types_supported(doorkeeper)
         grant_types_supported
       end
 
+      def response_modes_supported(doorkeeper)
+        doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
+      end
+
       def webfinger_response
         {
           subject: params.require(:resource),

diff --git a/spec/controllers/discovery_controller_spec.rb b/spec/controllers/discovery_controller_spec.rb
@@ -19,7 +19,7 @@
 
         'scopes_supported' => ['openid'],
         'response_types_supported' => ['code', 'token', 'id_token', 'id_token token'],
-        'response_modes_supported' => %w[query fragment],
+        'response_modes_supported' => %w[query fragment form_post],
         'grant_types_supported' => %w[authorization_code client_credentials implicit_oidc],
 
         'token_endpoint_auth_methods_supported' => %w[client_secret_basic client_secret_post],
@@ -65,6 +65,39 @@
       end
     end
 
+    context 'when grant_flows is configed with only client_credentials' do
+      before { Doorkeeper.configure { grant_flows %w[client_credentials] } }
+
+      it 'return empty response_modes_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['response_modes_supported']).to eq []
+      end
+    end
+
+    context 'when grant_flows is configed only implicit flow' do
+      before { Doorkeeper.configure { grant_flows %w[implicit_oidc] } }
+
+      it 'return fragment and form_post as response_modes_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['response_modes_supported']).to eq %w[fragment form_post]
+      end
+    end
+
+    context 'when grant_flows is configed with authorization_code and implicit flow' do
+      before { Doorkeeper.configure { grant_flows %w[authorization_code implicit_oidc] } }
+
+      it 'return query, fragment and form_post as response_modes_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['response_modes_supported']).to eq %w[query fragment form_post]
+      end
+    end
+
     it 'uses the protocol option for generating URLs' do
       Doorkeeper::OpenidConnect.configure do
         protocol { :testing }