diff --git a/consent/sql_helper_test.go b/consent/sql_helper_test.go
index 3624c5a00ad..c66f9739384 100644
--- a/consent/sql_helper_test.go
+++ b/consent/sql_helper_test.go
@@ -38,9 +38,11 @@ func TestMySQLHack(t *testing.T) {
 func TestSQLAuthenticationConverter(t *testing.T) {
 a := &AuthenticationRequest{
 OpenIDConnectContext: &OpenIDConnectContext{
- ACRValues: []string{"1", "2"},
- UILocales: []string{"fr", "de"},
- Display: "popup",
+ ACRValues: []string{"1", "2"},
+ UILocales: []string{"fr", "de"},
+ LoginHint: "popup",
+ IDTokenHintClaims: map[string]interface{}{"foo": "bar"},
+ Display: "popup",
 },
 AuthenticatedAt: time.Now().UTC().Add(-time.Minute),
 RequestedAt: time.Now().UTC().Add(-time.Hour),
@@ -92,9 +94,11 @@ func TestSQLAuthenticationConverter(t *testing.T) {
 func TestSQLConsentConverter(t *testing.T) {
 a := &ConsentRequest{
 OpenIDConnectContext: &OpenIDConnectContext{
- ACRValues: []string{"1", "2"},
- UILocales: []string{"fr", "de"},
- Display: "popup",
+ ACRValues: []string{"1", "2"},
+ UILocales: []string{"fr", "de"},
+ Display: "popup",
+ LoginHint: "popup",
+ IDTokenHintClaims: map[string]interface{}{"foo": "bar"},
 },
 RequestedAt: time.Now().UTC().Add(-time.Hour),
 Client: &client.Client{ID: "client"},
diff --git a/consent/strategy_default.go b/consent/strategy_default.go
index 8ea067fbd1d..244ec35863d 100644
--- a/consent/strategy_default.go
+++ b/consent/strategy_default.go
@@ -213,6 +213,7 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(w http.ResponseWriter, r
 ACRValues: stringsx.Splitx(ar.GetRequestForm().Get("acr_values"), " "),
 UILocales: stringsx.Splitx(ar.GetRequestForm().Get("ui_locales"), " "),
 Display: ar.GetRequestForm().Get("display"),
+ LoginHint: ar.GetRequestForm().Get("login_hint"),
 },
 },
 ); err != nil {
diff --git a/consent/types.go b/consent/types.go
index 429f8521d5a..f7d7f4ebfc1 100644
--- a/consent/types.go
+++ b/consent/types.go
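Review bot: `LoginHint: "popup"` in the TestSQLAuthenticationConverter fixture carries the same value as `Display: "popup"`, so a converter that cross-wires the display and login_hint columns would still round-trip cleanly and the test would pass; the TestSQLConsentConverter fixture in the next hunk repeats this. Give the hint a distinct value in both fixtures, for example `LoginHint: "user@example.com",` (constructed sample). Both test bodies continue outside their hunks, so this assumes the assertions compare the converted OpenIDConnectContext field by field or as a whole.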
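Review bot: `LoginHint: ar.GetRequestForm().Get("login_hint")` copies a parameter that any client, or anyone who can craft an authorization URL, fully controls into the login request with no length bound or character check. The converter tests in this commit suggest the OIDC context is persisted, so an oversized hint would presumably be stored as is or fail at the database depending on the column type, which is not visible here. Consider bounding it before the struct is built, e.g. rejecting the request when `len(hint) > maxLoginHintLen` (placeholder constant), and keep the value out of request logs because it is normally an e-mail address or phone number. forwardAuthenticationRequest starts and ends outside this hunk.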
@@ -168,8 +168,11 @@ type OpenIDConnectContext struct {
 // End-User's current or past authenticated session with the Client.
 IDTokenHintClaims map[string]interface{} `json:"id_token_hint_claims,omitempty"`

- // not supported
- //LoginHint string `json:"login_hint,omitempty"`
+ // LoginHint hints about the login identifier the End-User might use to log in (if necessary).
+ // This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier)
+ // and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a
+ // phone number in the format specified for the phone_number Claim. The use of this parameter is optional.
+ LoginHint string `json:"login_hint,omitempty"`
 }

 // Contains information on an ongoing login request.
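Review bot: The new doc comment on `LoginHint` repeats the OpenID Connect wording but never tells the login provider that the value is unauthenticated, client-supplied input. I would append a line such as `// The value is taken unverified from the authorization request; use it only to prefill the login form (escaped on output), never as proof of identity.` This matters because the field is serialized as `login_hint` to whatever consumes the struct, and a crafted authorization URL can set it to any string. The struct's opening and its earlier fields are outside this hunk.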