♻️ define body method for authorization response to support response_…

…mode=form_post
doorkeeper-gem · Jan 1, 2021 · d841188 · d841188
1 parent 805b7ca
commit d841188
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## Unreleased
 
+- [#138] Support form_post response mode
+
 ## v1.7.5 (2020-12-15)
 
 ### Changes

diff --git a/README.md b/README.md
@@ -34,6 +34,7 @@ The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-
 - [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
 - [UserInfo Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
 - [Normal Claims](http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims)
+- (From doorkeeper v5.5.0) [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html)
 
 In addition we also support most of [OpenID Connect Discovery 1.0](http://openid.net/specs/openid-connect-discovery-1_0.html) for automatic configuration discovery.
 

diff --git a/lib/doorkeeper/oauth/id_token_response.rb b/lib/doorkeeper/oauth/id_token_response.rb
@@ -17,19 +17,17 @@ def redirectable?
         true
       end
 
-      def redirect_uri
-        Authorization::URIBuilder.uri_with_fragment(pre_auth.redirect_uri, redirect_uri_params)
-      end
-
-      private
-
-      def redirect_uri_params
+      def body
         {
           expires_in: auth.token.expires_in_seconds,
           state: pre_auth.state,
           id_token: id_token.as_jws_token
         }
       end
+
+      def redirect_uri
+        Authorization::URIBuilder.uri_with_fragment(pre_auth.redirect_uri, body)
+      end
     end
   end
 end
diff --git a/lib/doorkeeper/oauth/id_token_token_response.rb b/lib/doorkeeper/oauth/id_token_token_response.rb
@@ -3,9 +3,7 @@
 module Doorkeeper
   module OAuth
     class IdTokenTokenResponse < IdTokenResponse
-      private
-
-      def redirect_uri_params
+      def body
         super.merge({
           access_token: auth.token.token,
           token_type: auth.token.token_type

diff --git a/spec/lib/oauth/id_token_response_spec.rb b/spec/lib/oauth/id_token_response_spec.rb
@@ -15,7 +15,7 @@
       :pre_auth,
       client: application,
       redirect_uri: 'http://tst.com/cb',
-      state: nil,
+      state: 'state',
       scopes: Doorkeeper::OAuth::Scopes.from_string('public'),
       error: nil,
       authorizable?: true,
@@ -36,9 +36,21 @@
   end
   let(:id_token) { Doorkeeper::OpenidConnect::IdToken.new(token, pre_auth) }
 
+  describe '#body' do
+    it 'return body response for id_token' do
+      expect(subject.body).to eq({
+        expires_in: auth.token.expires_in_seconds,
+        state: pre_auth.state,
+        id_token: id_token.as_jws_token
+      })
+    end
+  end
+
   describe '#redirect_uri' do
-    it 'includes id_token' do
-      expect(subject.redirect_uri).to include('id_token')
+    it 'includes expires_in, id_token and state' do
+      expect(subject.redirect_uri).to include("#{pre_auth.redirect_uri}#expires_in=#{auth.token.expires_in_seconds}&" \
+        "state=#{pre_auth.state}&" \
+        "id_token=#{id_token.as_jws_token}")
     end
 
     it 'does not include access_token' do

diff --git a/spec/lib/oauth/id_token_token_response_spec.rb b/spec/lib/oauth/id_token_token_response_spec.rb
@@ -14,7 +14,7 @@
       :pre_auth,
       client: application,
       redirect_uri: 'http://tst.com/cb',
-      state: nil,
+      state: 'state',
       scopes: Doorkeeper::OAuth::Scopes.from_string('public'),
       error: nil,
       authorizable?: true,
@@ -33,17 +33,24 @@
   end
   let(:id_token) { Doorkeeper::OpenidConnect::IdToken.new(token, pre_auth) }
 
-  describe '#redirect_uri' do
-    it 'includes id_token' do
-      expect(subject.redirect_uri).to include('id_token')
-    end
-
-    it 'includes access_token' do
-      expect(subject.redirect_uri).to include('access_token')
+  describe '#body' do
+    it 'return body response for id_token and access_token' do
+      expect(subject.body).to eq({
+        expires_in: auth.token.expires_in_seconds,
+        state: pre_auth.state,
+        id_token: id_token.as_jws_token,
+        access_token: auth.token.token,
+        token_type: auth.token.token_type
+      })
     end
+  end
 
-    it 'includes token_type' do
-      expect(subject.redirect_uri).to include('token_type')
+  describe '#redirect_uri' do
+    it 'includes id_token, info of access_token and state' do
+      expect(subject.redirect_uri).to include("#{pre_auth.redirect_uri}#expires_in=#{auth.token.expires_in_seconds}&" \
+        "state=#{pre_auth.state}&" \
+        "id_token=#{id_token.as_jws_token}&" \
+        "access_token=#{auth.token.token}&token_type=#{auth.token.token_type}")
     end
   end
 end