Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix various issues with the hybrid flow #11719

Merged
merged 1 commit into from
May 19, 2022
Merged

Fix various issues with the hybrid flow #11719

merged 1 commit into from
May 19, 2022

Conversation

kevinchalet
Copy link
Member

Fixes #11717.

@kevinchalet kevinchalet self-assigned this May 17, 2022
@kevinchalet
Copy link
Member Author

@MichaelPetrinolis when you have a moment, could you please give it a try? 😃

@MichaelPetrinolis
Copy link
Contributor

MichaelPetrinolis commented May 18, 2022
edited
Loading

@kevinchalet tested the scenarios I used and works as expected, thanx!
I also verified that when we change the response type to codetoken or codeidtokentoken for a client on a confidential app, the idp does not allow it. I will open a a bug for the OpenId client, because when we change the application from confidential to public(to check the other two response types), we cannot clear the client secret in the client configuration and the idp rejects the request because client_secret is not expected.

related bug: #11724

@sebastienros
Copy link
Member

Now it's conflicting ...

@kevinchalet
Copy link
Member Author

Now it's conflicting ...

That's what happens when you merge PRs in the wrong order... :trollface:

I'll rebase it and update @MichaelPetrinolis' new extension to use the same fix.

@kevinchalet kevinchalet changed the title Fix various issues with the hybrid flow in ApplicationController and OpenIdApplicationStep Fix various issues with the hybrid flow May 19, 2022
@sebastienros sebastienros enabled auto-merge (squash) May 19, 2022 18:02
@sebastienros sebastienros merged commit 97d9826 into OrchardCMS:main May 19, 2022
@kevinchalet kevinchalet deleted the hybrid_flow branch May 19, 2022 18:10
@kevinchalet kevinchalet added this to the 1.x milestone May 19, 2022
@Skrypt Skrypt modified the milestones: 1.x, 1.5 Nov 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sebastienros sebastienros sebastienros approved these changes

Assignees

@kevinchalet kevinchalet

Labels
bug 🐛 OpenId
Projects
None yet
Milestone
1.5
Development

Successfully merging this pull request may close these issues.

OpenId Server Hybrid Flow does not work
4 participants
@kevinchalet @MichaelPetrinolis @sebastienros @Skrypt