(api) automatically configure the openID response_type

2024-12-01 12:24:28 +01:00 · 2022-04-19 17:39:42 +02:00 · 2022-04-19 17:39:42 +02:00 · 007c97969d
commit 007c97969d
parent 9665368755
5 changed files with 7 additions and 15 deletions
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@ -96,7 +96,7 @@ class API::AuthProvidersController < API::ApiController
    elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
      params.require(:auth_provider)
            .permit(:name, :providable_type,
-                    providable_attributes: %i[id issuer discovery client_auth_method scope response_type prompt
+                    providable_attributes: %i[id issuer discovery client_auth_method scope prompt
                                              send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
                                              allow_authorize_params client__identifier client__secret client__redirect_uri
                                              client__scheme client__host client__port client__authorization_endpoint client__token_endpoint
--- a/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx
+++ b/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx
@ -103,15 +103,6 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
                 label={t('app.admin.authentication.openid_connect_form.scope')}
                 placeholder="openid,profile,email"
                 tooltip={t('app.admin.authentication.openid_connect_form.scope_help')} />
-      <FormSelect id="providable_attributes.response_type"
-                  label={t('app.admin.authentication.openid_connect_form.response_type')}
-                  tooltip={t('app.admin.authentication.openid_connect_form.response_type_help')}
-                  options={[
-                    { value: 'code', label: t('app.admin.authentication.openid_connect_form.response_type_code') },
-                    { value: 'id_token', label: t('app.admin.authentication.openid_connect_form.response_type_id_token') }
-                  ]}
-                  valueDefault={'code'}
-                  control={control} />
      <FormSelect id="providable_attributes.prompt"
                  label={t('app.admin.authentication.openid_connect_form.prompt')}
                  tooltip={<HtmlTranslate trKey="app.admin.authentication.openid_connect_form.prompt_help_html" />}
--- a/app/models/open_id_connect_provider.rb
+++ b/app/models/open_id_connect_provider.rb
@ -21,6 +21,7 @@ class OpenIdConnectProvider < ApplicationRecord
  before_validation :set_client_scheme_host_port
  before_validation :set_redirect_uri
  before_validation :set_display
+  before_validation :set_response_type

  def config
    OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
@ -52,6 +53,10 @@ class OpenIdConnectProvider < ApplicationRecord
    self.response_mode = 'query'
  end

+  def set_response_type
+    self.response_type = 'code'
+  end
+
  def set_client_scheme_host_port
    require 'uri'

--- a/app/views/api/auth_providers/show.json.jbuilder
+++ b/app/views/api/auth_providers/show.json.jbuilder
@ -12,7 +12,7 @@ end

 if @provider.providable_type == OpenIdConnectProvider.name
  json.providable_attributes do
-    json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope, :response_type,
+    json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope,
                  :prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
                  :client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
                  :client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@ -1110,10 +1110,6 @@ en:
          client_auth_method_jwks: "JWKS"
          scope: "Scope"
          scope_help: "Which OpenID scopes to include (openid is always required)"
-          response_type: "Response type"
-          response_type_help: "Which OpenID response type to use with the authorization request. This is usually 'code'"
-          response_type_code: "Code"
-          response_type_id_token: "Id token"
          prompt: "Prompt"
          prompt_help_html: "Which OpenID pages the user will be shown. <br> <b>None</b> - no authentication or consent user interface pages are shown. <br> <b>Login</b> - the authorization server prompt the user for reauthentication. <br> <b>Consent</b> - the authorization server prompt the user for consent before returning information to Fab-manager. <br> <b>Select account</b> - the authorization server prompt the user to select a user account."
          prompt_none: "None"