Closed georgeboot closed 1 year ago
I think this is on purpose as we don't have the concept of an id_token for the implicit grant in OAuth 2. I'd be hesitant to change this until we have time to implement OIDC.
Have you raised an issue with the downstream package? Might be better for them to tackle it at this time.
I know OIDC is not formally supported by this package.
We are however implementing an OIDC server using this package (with the help of https://github.com/jeremy379/laravel-openid-connect).
When I use the authorisation code grant, this works as expected.
However, when I try to do an implicit grant (or implicit flow, as OIDC calls it) by setting `response_type=token id_token`, the server always rejects the request because the following check does not match the request: https://github.com/thephpleague/oauth2-server/blob/ab7714d073844497fd222d5d0a217629089936bc/src/Grant/ImplicitGrant.php#L105-L109
Is this done on purpose? Should this check not rather be a contains check? I am happy to submit a PR if this is the case.
If not, are there any ways for me to get my setup working?
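
The difference between an exact match, a substring "contains" check and a set comparison on `response_type`, as an added example that is not part of the original issue or of oauth2-server. RFC 6749 section 3.1.1 defines `response_type` as a space-delimited list whose order does not matter, so a substring test for `token` also accepts `id_token` alone. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of thephpleague/oauth2-server.

// Split a raw response_type value into its space-delimited members, sorted
// so that "token id_token" and "id_token token" compare equal.
function responseTypeSet(string $raw): array
{
    $parts = preg_split('/ +/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
    sort($parts);
    return $parts;
}

// True only when the request asks for exactly the supported combination,
// regardless of the order in which the members were sent.
function matchesResponseType(string $raw, array $supported): bool
{
    sort($supported);
    return responseTypeSet($raw) === $supported;
}

// Constructed sample values for the response_type query parameter.
$samples = ['token', 'token id_token', 'id_token token', 'id_token', 'code token'];

// Combination a hypothetical OIDC implicit-flow grant would accept.
$oidcImplicit = ['id_token', 'token'];

foreach ($samples as $raw) {
    $exact     = ($raw === 'token');                  // strict equality with 'token'
    $substring = (strpos($raw, 'token') !== false);   // naive "contains" check
    $set       = matchesResponseType($raw, $oidcImplicit);

    printf(
        "%-16s exact=%-5s substring=%-5s set=%s\n",
        $raw,
        var_export($exact, true),
        var_export($substring, true),
        var_export($set, true)
    );
}
```

The substring column is true for every sample, including `id_token` and `code token`, which is why a grant that wants to handle `token id_token` should compare the parsed set rather than search the raw string.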