response_type: Must include an ID token for OpenID Connect. If your web application also needs tokens for calling a web API, you can use code+id_token.
This commit extends the OmniAuth::Strategies::OpenIDConnect to encode the response_type into the query parameter as space-delimited token list when provided as an array. Similarly, when checking for missing keys in the response, iterate over the values as if they're an array.
For the originally supported single-value case, the previous behavior is maintained.
Closes omniauth/omniauth_openid_connect#105 Similar to omniauth/omniauth_openid_connect#107
Some OpenID compatible IdP support hybrid authorizations that accept a
response_type
with bothcode
andid_token
.For example, Microsoft Azure B2C accepts them as a URL-encoded array:
This commit extends the
OmniAuth::Strategies::OpenIDConnect
to encode theresponse_type
into the query parameter as space-delimited token list when provided as an array. Similarly, when checking for missing keys in the response, iterate over the values as if they're an array.For the originally supported single-value case, the previous behavior is maintained.