Fail if the response type is not properly set

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-05-16 11:24:48 +02:00
parent 1525cc286c
commit aa78c30666
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 10 additions and 1 deletions

View File

@ -61,11 +61,20 @@ class LoginRedirectorController extends Controller {
*
* @param string $client_id
* @param string $state
* @param string $response_type
* @return RedirectResponse
*/
public function authorize($client_id,
$state) {
$state,
$response_type) {
$client = $this->clientMapper->getByIdentifier($client_id);
if ($response_type !== 'code') {
//Fail
$url = $client->getRedirectUri() . '?error=unsupported_response_type&state=' . $state;
return new RedirectResponse($url);
}
$this->session->set('oauth.state', $state);
$targetUrl = $this->urlGenerator->linkToRouteAbsolute(