payprop / net-oauth2-authorizationserver

Module to implement core functions of an OAuth2 authorization server

Module doesn't seem to handle response_type? #4

Closed. leejo closed this issue 7 years ago

leejo commented 7 years ago

According to the RFC this is a requirement in the Implicit and Auth Code grant flows: https://tools.ietf.org/html/rfc6749#section-3.1.1

It seems this is handled in the Mojolicious Plugin, but this module doesn't concern itself with it; that seems to be wrong if this module is to be a generic solution. Should probably move the response_type handling/checking from the Mojolicious Plugin module down into this module to simplify the Mojolicious Plugin and make this module more complete.

leejo commented 7 years ago

Some relevant commits: 52a9ab58814460f486ae579f33e987941d45cd92

https://github.com/Humanstate/mojolicious-plugin-oauth2-server/commit/d3dd41d7268200fcd54683a3acb139151b3fc011

https://github.com/Humanstate/mojolicious-plugin-oauth2-server/commit/824031745119182deeb9400d2c89f386d8cebef2

https://github.com/Humanstate/mojolicious-plugin-oauth2-server/commit/5ecd6a5ff209a4de3a8bbc6598de09ee7070f0bb
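
The kind of framework-independent `response_type` check the issue asks for, as an added example that is not code from this module or from the Mojolicious plugin. The helper name `check_response_type`, the `$client->{grants}` structure and the sample requests are assumptions made for illustration; the error codes are the ones RFC 6749 section 4.1.2.1 defines.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Response types defined by RFC 6749 section 3.1.1, mapped to the grant each selects.
my %GRANT_FOR = ( code => 'authorization_code', token => 'implicit' );

# Hypothetical helper: $params is the parsed query of the authorization
# request, $client->{grants} lists the grants registered for that client.
sub check_response_type {
    my ( $params, $client ) = @_;
    my $rt = $params->{response_type};

    # Missing, empty, or repeated (parsed into an array ref) parameter.
    return _error( 'invalid_request', 'response_type is required' )
        if !defined($rt) || ref($rt) || $rt eq '';

    # A value the server does not understand must be rejected, not defaulted.
    my $grant = $GRANT_FOR{$rt}
        or return _error( 'unsupported_response_type', 'unknown response_type' );

    # A known value is still refused if the client is not registered for that grant.
    return _error( 'unauthorized_client', "client may not use $grant" )
        unless grep { $_ eq $grant } @{ $client->{grants} || [] };

    return { ok => 1, grant => $grant };
}

sub _error { return { ok => 0, error => $_[0], error_description => $_[1] } }

# Constructed sample requests for a client registered for the code grant only.
my $client = { grants => ['authorization_code'] };
for my $params (
    { client_id => 'c1', response_type => 'code' },
    { client_id => 'c1', response_type => 'token' },
    { client_id => 'c1', response_type => 'bogus' },
    { client_id => 'c1' },
) {
    my $r = check_response_type( $params, $client );
    printf "%-10s => %s\n", $params->{response_type} // '(missing)',
        $r->{ok} ? "ok ($r->{grant})" : $r->{error};
}
```

The caller should validate `redirect_uri` against the client's registration before redirecting with any of these errors, so that an error response is never sent to an unregistered URI.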