diff --git a/app/controllers/api/auth_providers_controller.rb b/app/controllers/api/auth_providers_controller.rb
index 9b94fe50b..8eb5dfb5e 100644
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@@ -96,7 +96,7 @@ class API::AuthProvidersController < API::ApiController
elsif params['auth_provider']['providable_type'] == OpenIdConnectProvider.name
params.require(:auth_provider)
.permit(:name, :providable_type,
- providable_attributes: %i[id issuer discovery client_auth_method scope response_type prompt
+ providable_attributes: %i[id issuer discovery client_auth_method scope prompt
send_scope_to_token_endpoint post_logout_redirect_uri uid_field extra_authorize_params
allow_authorize_params client__identifier client__secret client__redirect_uri
client__scheme client__host client__port client__authorization_endpoint client__token_endpoint
diff --git a/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx b/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx
index b3d4e1fa9..96e6267d6 100644
--- a/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx
+++ b/app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx
@@ -103,15 +103,6 @@ export const OpenidConnectForm =
-
}
diff --git a/app/models/open_id_connect_provider.rb b/app/models/open_id_connect_provider.rb
index 0bd4badf3..44b2a616c 100644
--- a/app/models/open_id_connect_provider.rb
+++ b/app/models/open_id_connect_provider.rb
@@ -21,6 +21,7 @@ class OpenIdConnectProvider < ApplicationRecord
before_validation :set_client_scheme_host_port
before_validation :set_redirect_uri
before_validation :set_display
+ before_validation :set_response_type
def config
OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|
@@ -52,6 +53,10 @@ class OpenIdConnectProvider < ApplicationRecord
self.response_mode = 'query'
end
+ def set_response_type
+ self.response_type = 'code'
+ end
+
def set_client_scheme_host_port
require 'uri'
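Review bot: Providers already stored with `response_type` set to `id_token` keep that value until each record is validated again, because `set_response_type` only runs from the `before_validation` callback added in the previous hunk, and `config` (visible at the edge of that hunk) is built from the stored columns. No migration appears in this diff, so unless one exists elsewhere, those providers would presumably stay on the implicit flow after upgrade. A data migration such as `OpenIdConnectProvider.update_all(response_type: 'code')` would close that gap. A comment above the method, `# Only the authorization code flow is supported; response_type is no longer admin-configurable`, would also record why the value is pinned. The class body continues outside both hunks.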
diff --git a/app/views/api/auth_providers/show.json.jbuilder b/app/views/api/auth_providers/show.json.jbuilder
index b30d4c285..53aaf6363 100644
--- a/app/views/api/auth_providers/show.json.jbuilder
+++ b/app/views/api/auth_providers/show.json.jbuilder
@@ -12,7 +12,7 @@ end
if @provider.providable_type == OpenIdConnectProvider.name
json.providable_attributes do
- json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope, :response_type,
+ json.extract! @provider.providable, :id, :issuer, :discovery, :client_auth_method, :scope,
:prompt, :send_scope_to_token_endpoint, :post_logout_redirect_uri, :uid_field, :client__identifier, :client__secret,
:client__redirect_uri, :client__scheme, :client__host, :client__port, :client__authorization_endpoint,
:client__token_endpoint, :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url
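Review bot: The `json.extract!` call on the new side still serializes `:client__secret`, so the OIDC client secret is returned in every response rendered from this view. Who can reach this endpoint is not visible here; if it is anything broader than the admin edit form, or if responses are logged or cached, the secret is exposed beyond what the flow needs. Consider dropping `:client__secret` from the list and having the form treat an empty value as "unchanged", which would need a matching change in the controller. The `if` block continues outside the hunk.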
diff --git a/config/locales/app.admin.en.yml b/config/locales/app.admin.en.yml
index 55953b401..6ae95c11d 100644
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@@ -1113,10 +1113,6 @@ en:
client_auth_method_jwks: "JWKS"
scope: "Scope"
scope_help: "Which OpenID scopes to include (openid is always required)"
- response_type: "Response type"
- response_type_help: "Which OpenID response type to use with the authorization request. This is usually 'code'"
- response_type_code: "Code"
- response_type_id_token: "Id token"
prompt: "Prompt"
prompt_help_html: "Which OpenID pages the user will be shown.
None - no authentication or consent user interface pages are shown.
Login - the authorization server prompt the user for reauthentication.
Consent - the authorization server prompt the user for consent before returning information to Fab-manager.
Select account - the authorization server prompt the user to select a user account."
prompt_none: "None"