fix(oidc): register all response types when creating an application

fixes gravitee-io/issues#5765
gravitee-io · Jun 21, 2021 · 77c5c95 · 77c5c95
1 parent e6a3aff
commit 77c5c95
Show file tree

Hide file tree

Showing 6 changed files with 1,051 additions and 15,012 deletions.
diff --git a/...er/oauth2/resources/handler/authorization/AuthorizationRequestParseParametersHandler.java b/...er/oauth2/resources/handler/authorization/AuthorizationRequestParseParametersHandler.java
@@ -271,7 +271,7 @@ private void parseResponseTypeParameter(RoutingContext context, Client client) {
         if (client.getResponseTypes() == null) {
             throw new UnauthorizedClientException("Client should have response_type.");
         }
-        if(!Arrays.stream(responseType.split("\\s")).allMatch(type -> client.getResponseTypes().contains(type))) {
+        if(!client.getResponseTypes().contains(responseType)) {
             throw new UnauthorizedClientException("Client should have all requested response_type");
         }
     }

diff --git a/...a/io/gravitee/am/gateway/handler/oauth2/resources/endpoint/AuthorizationEndpointTest.java b/...a/io/gravitee/am/gateway/handler/oauth2/resources/endpoint/AuthorizationEndpointTest.java
@@ -1101,7 +1101,7 @@ private void shouldInvokeAuthorizationEndpoint_implicitFlow(String responseType,
         client.setScopes(Collections.singletonList("read"));
         client.setRedirectUris(Collections.singletonList("http://localhost:9999/callback"));
         client.setAuthorizedGrantTypes(Arrays.asList(GrantType.IMPLICIT));
-        client.setResponseTypes(Arrays.asList(responseType.split("\\s")));
+        client.setResponseTypes(Arrays.asList(responseType));
 
         AuthorizationRequest authorizationRequest = new AuthorizationRequest();
         authorizationRequest.setApproved(true);

diff --git a/gravitee-am-service/src/main/java/io/gravitee/am/service/utils/ResponseTypeUtils.java b/gravitee-am-service/src/main/java/io/gravitee/am/service/utils/ResponseTypeUtils.java
@@ -89,12 +89,15 @@ public static Set<String> applyDefaultResponseType(List<String> grantTypeList) {
         //If grant_type contains authorization_code, response_type must contains code
         if (grantTypes.contains(AUTHORIZATION_CODE)) {
             responseType.add(CODE);
+            responseType.add(CODE_ID_TOKEN);
+            responseType.add(CODE_ID_TOKEN_TOKEN);
         }
 
         //If grant_type contains implicit, response_type must contains token or id_token
         if (grantTypes.contains(IMPLICIT)) {
             responseType.add(ID_TOKEN);
             responseType.add(TOKEN);
+            responseType.add(ID_TOKEN_TOKEN);
         }
 
         return responseType;