OpenID Connect Conformance Part 4 (#189)

Make the client_id during code exchange optional, as this is now an authenticated client.
unikorn-cloud · Feb 17, 2025 · f940c90 · f940c90
1 parent ea97025
commit f940c90
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/charts/identity/Chart.yaml b/charts/identity/Chart.yaml
@@ -4,8 +4,8 @@ description: A Helm chart for deploying Unikorn's IdP
 
 type: application
 
-version: v0.2.57-rc3
-appVersion: v0.2.57-rc3
+version: v0.2.57-rc4
+appVersion: v0.2.57-rc4
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
 

diff --git a/pkg/oauth2/oauth2.go b/pkg/oauth2/oauth2.go
@@ -763,7 +763,6 @@ func tokenValidate(r *http.Request) error {
 	}
 
 	required := []string{
-		"client_id",
 		"client_secret",
 		"redirect_uri",
 		"code",
@@ -786,7 +785,7 @@ func tokenValidateCode(code *Code, r *http.Request) error {
 		return nil
 	}
 
-	if code.ClientID != r.Form.Get("client_id") {
+	if r.Form.Has("client_id") && code.ClientID != r.Form.Get("client_id") {
 		return errors.OAuth2InvalidGrant("client_id mismatch")
 	}