fix(oidc): store requested response_mode (#8145)

# Which Problems Are Solved Zitadel never stored or returned the requested `response_mode` in oidc Auth Requests. This caused the oidc library to fallback to the default based on the response_type. # How the Problems Are Solved - Store the `response_mode` in the Auth request repo - Store the `response_mode` in the Auth request v2 events - Return the `resonse_mode` from the Auth Request v1 and v2 `ResponseMode()` methods. (Was hard-coded to an empty string) # Additional Changes - Populate the `response_modes_supported` to the oidc Discovery Configuration. When it was empty, the standard specifies the default of `query` and `fragment`. However, our oidc library also supports `form_post` and by this fix, zitadel now also supports this. # Additional Context - Closes #6586 - Reported https://discord.com/channels/927474939156643850/1151508313717084220 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 03:37:34 +00:00 · 2024-06-17 12:50:12 +03:00
parent 85d7536d44
commit 1aa8c49e41
15 changed files with 287 additions and 20 deletions
--- a/internal/api/oidc/auth_request_converter_test.go
+++ b/internal/api/oidc/auth_request_converter_test.go
@@ -0,0 +1,96 @@
+package oidc
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func TestResponseModeToBusiness(t *testing.T) {
+	type args struct {
+		responseMode oidc.ResponseMode
+	}
+	tests := []struct {
+		name string
+		args args
+		want domain.OIDCResponseMode
+	}{
+		{
+			name: "empty",
+			args: args{""},
+			want: domain.OIDCResponseModeUnspecified,
+		},
+		{
+			name: "invalid",
+			args: args{"foo"},
+			want: domain.OIDCResponseModeUnspecified,
+		},
+		{
+			name: "query",
+			args: args{oidc.ResponseModeQuery},
+			want: domain.OIDCResponseModeQuery,
+		},
+		{
+			name: "fragment",
+			args: args{oidc.ResponseModeFragment},
+			want: domain.OIDCResponseModeFragment,
+		},
+		{
+			name: "post_form",
+			args: args{oidc.ResponseModeFormPost},
+			want: domain.OIDCResponseModeFormPost,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ResponseModeToBusiness(tt.args.responseMode)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestResponseModeToOIDC(t *testing.T) {
+	type args struct {
+		responseMode domain.OIDCResponseMode
+	}
+	tests := []struct {
+		name string
+		args args
+		want oidc.ResponseMode
+	}{
+		{
+			name: "unspecified",
+			args: args{domain.OIDCResponseModeUnspecified},
+			want: "",
+		},
+		{
+			name: "invalid",
+			args: args{99},
+			want: "",
+		},
+		{
+			name: "query",
+			args: args{domain.OIDCResponseModeQuery},
+			want: oidc.ResponseModeQuery,
+		},
+		{
+			name: "fragment",
+			args: args{domain.OIDCResponseModeFragment},
+			want: oidc.ResponseModeFragment,
+		},
+		{
+			name: "form_post",
+			args: args{domain.OIDCResponseModeFormPost},
+			want: oidc.ResponseModeFormPost,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ResponseModeToOIDC(tt.args.responseMode)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}