doorkeeper-gem / doorkeeper-openid_connect

OpenID Connect extension for Doorkeeper
MIT License

`introspection_endpoint` cannot be defined when token introspection is turned off #167

Closed sato11 closed 2 years ago

sato11 commented 2 years ago

This fixes #166.

Since `oauth_introspect_url` is not available, let's work around it by checking if it can be responded to before actually calling it. Another possible solution is to replicate the same condition as the doorkeeper repo, namely `Doorkeeper.config.allow_token_introspection.is_a?(FalseClass)`, which I've not chosen because I thought it'd make it more complex to depend on the configuration of a different gem.

Getting rid of the `introspection_endpoint` field can be justified because it is non-standard (as described in #72, the original PR which introduced it) and neither required nor defined by the specification of OIDC Discovery.

About the test case added, the entire routes must be reloaded because the configuration here is loaded once and routes drawn once, refusing to be overridden just like this:

```ruby
before { Doorkeeper.configure { allow_token_introspection false } }
```

So I've chosen to mock it and reload routes before and after the example case, knowing this is perhaps a little clumsy. What do you think?
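
The guard described in this PR, as an added stand-alone sketch that is not part of the PR or of either gem: `FakeRoutes`, `discovery_unguarded`, `discovery_guarded` and the `https://idp.example` issuer are hypothetical stand-ins for the Rails route helpers and the discovery response. It shows the unguarded call failing when the introspection route is absent, and the guarded version omitting `introspection_endpoint` so the discovery document never advertises an endpoint that is not served.

```ruby
# Added illustration; names are hypothetical stand-ins, not code from
# doorkeeper or doorkeeper-openid_connect.

# Mimics Rails URL helpers: the introspection helper exists only when the
# introspection route was drawn (token introspection enabled).
class FakeRoutes
  def initialize(issuer, introspection:)
    @issuer = issuer
    return unless introspection

    define_singleton_method(:oauth_introspect_url) { "#{issuer}/oauth/introspect" }
  end

  def oauth_token_url
    "#{@issuer}/oauth/token"
  end
end

# Unguarded: calls the helper unconditionally, so building the discovery
# document raises NoMethodError once the route is gone.
def discovery_unguarded(routes)
  { token_endpoint: routes.oauth_token_url,
    introspection_endpoint: routes.oauth_introspect_url }
end

# Guarded: advertise introspection_endpoint only if the helper responds.
def discovery_guarded(routes)
  doc = { token_endpoint: routes.oauth_token_url }
  if routes.respond_to?(:oauth_introspect_url)
    doc[:introspection_endpoint] = routes.oauth_introspect_url
  end
  doc
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample issuer; prints both variants of the document.
  p discovery_guarded(FakeRoutes.new("https://idp.example", introspection: false))
  p discovery_guarded(FakeRoutes.new("https://idp.example", introspection: true))
end
```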