
feat: support auth_type param #3487

Merged
merged 1 commit into from
Sep 11, 2023
Merged
4 changes: 4 additions & 0 deletions selfservice/strategy/oidc/.schema/link.schema.json
@@ -33,6 +33,10 @@
"description": "The prompt specifies whether the Authorization Server prompts the End-User for reauthentication and consent (for example, select_account).",
"type": "string"
},
"auth_type": {
"description": "The `auth_type` parameter specifies the requested authentication features (as a comma-separated list).",
"type": "string"
},
"additionalProperties": false
}
}
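Review bot: As rendered, `"additionalProperties": false` follows the `auth_type` entry directly, with no closing brace for the `properties` object in between, which suggests it sits beside `prompt` and `auth_type` as a property named `additionalProperties` rather than as the keyword on the enclosing object. Indentation is lost on this page and the object opens above the hunk, so this needs checking against the file; if it is so, unknown keys under the upstream parameters are not rejected by this schema, and the comment in `provider.go` that relies on schema validation is then backed only by the allow-list map in `UpstreamParameters`. The fix would be to close `properties` after `auth_type` and place `"additionalProperties": false` one level up. Separately, the description promises a comma-separated list while the schema accepts any string; a `maxLength` would bound what is forwarded to the provider.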
2 changes: 2 additions & 0 deletions selfservice/strategy/oidc/provider.go
@@ -76,6 +76,7 @@ func (c *Claims) Validate() error {
// - `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.
// - `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.
// - `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.
// - `auth_type` (string): The `auth_type` parameter specifies the requested authentication features (as a comma-separated list), e.g. `reauthenticate`.
func UpstreamParameters(provider Provider, upstreamParameters map[string]string) []oauth2.AuthCodeOption {
// validation of upstream parameters are already handled in the `oidc/.schema/link.schema.json` and `oidc/.schema/settings.schema.json` file.
// `upstreamParameters` will always only contain allowed parameters based on the configuration.
@@ -85,6 +86,7 @@ func UpstreamParameters(provider Provider, upstreamParameters map[string]string)
"login_hint": {},
"hd": {},
"prompt": {},
"auth_type": {},
}

var params []oauth2.AuthCodeOption
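Review bot: The comment at the top of `UpstreamParameters` names both `oidc/.schema/link.schema.json` and `oidc/.schema/settings.schema.json` as the place where upstream parameters are validated, but of the files visible in this change only `link.schema.json` gains `auth_type`. If `settings.schema.json` lists the allowed keys separately, the new `"auth_type": {}` entry in the allow-list map would not be reachable from the settings flow, so it is worth confirming that schema was updated or does not need to be. The test in this change shows the value coming from the submitted form and arriving unchanged in the provider redirect, so the doc comment could also state that it is a request to the provider and not something the server enforces, e.g. `// The value is client-supplied and forwarded as-is; it does not by itself guarantee that re-authentication took place.` The function body continues past the end of the hunk.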
2 changes: 2 additions & 0 deletions selfservice/strategy/oidc/strategy_test.go
@@ -730,6 +730,7 @@ func TestStrategy(t *testing.T) {
fv.Set("upstream_parameters.login_hint", "[email protected]")
fv.Set("upstream_parameters.hd", "ory.sh")
fv.Set("upstream_parameters.prompt", "select_account")
fv.Set("upstream_parameters.auth_type", "reauthenticate")

res, err := c.PostForm(action, fv)
require.NoError(t, err)
@@ -741,6 +742,7 @@ func TestStrategy(t *testing.T) {
require.Equal(t, "[email protected]", loc.Query().Get("login_hint"))
require.Equal(t, "ory.sh", loc.Query().Get("hd"))
require.Equal(t, "select_account", loc.Query().Get("prompt"))
require.Equal(t, "reauthenticate", loc.Query().Get("auth_type"))
})

t.Run("case=should pass when logging in", func(t *testing.T) {