From ebd40337cb4e86d12b9ec90da9a73e839431a9de Mon Sep 17 00:00:00 2001
From: Ashfame
Date: Wed, 21 Sep 2022 11:30:55 +0400
Subject: [PATCH] switch to GET method when taking user consent

Currently bshaffer oauth library has a bug when POST is used on AuthorizeEndpoint along with nonce (optional parameter) which fails to set the nonce in id_token
---
 src/Http/Handlers/AuthorizeHandler.php | 2 +-
 templates/authenticate/form.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Http/Handlers/AuthorizeHandler.php b/src/Http/Handlers/AuthorizeHandler.php
index fa5a38b..a54dac4 100644
--- a/src/Http/Handlers/AuthorizeHandler.php
+++ b/src/Http/Handlers/AuthorizeHandler.php
@@ -36,7 +36,7 @@ public function handle( Request $request, Response $response ): Response {
 $user = wp_get_current_user();
 if ( $this->consent_storage->needs_consent( $user->ID ) ) {
- if ( ! isset( $_POST['authorize'] ) || 'Authorize' !== $_POST['authorize'] ) {
+ if ( ! isset( $_REQUEST['authorize'] ) || 'Authorize' !== $_REQUEST['authorize'] ) {
 $response->send();
 exit;
 }
diff --git a/templates/authenticate/form.php b/templates/authenticate/form.php
index ce6be7a..eddefcb 100644
--- a/templates/authenticate/form.php
+++ b/templates/authenticate/form.php
@@ -1,6 +1,6 @@
-
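Review bot: Reading the consent flag from `$_REQUEST['authorize']` in `handle()` means a plain GET URL carrying `authorize=Authorize` now counts as the user's consent, and no anti-CSRF check is visible in this hunk, so a request triggered from another site while the user is logged in could satisfy this test without the consent form ever being shown. `$_REQUEST` also merges in POST data and, depending on the `request_order` setting, cookies, which is wider than the GET form needs; `if ( ! isset( $_GET['authorize'] ) || 'Authorize' !== $_GET['authorize'] ) {` would state the intent exactly. If consent has to travel over GET to work around the library bug, consider emitting a nonce in the form with `wp_nonce_field()` and requiring `wp_verify_nonce()` to succeed here before the request is treated as authorized. The body of `handle()` starts and ends outside the hunk, so a check elsewhere in the method cannot be ruled out.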
+ form_fields as $key => $value ) : ?>