removing response_mode todo

bruno-ortiz · May 2, 2024 · e9090ee · e9090ee
1 parent d23404b
commit e9090ee
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 7 deletions.
diff --git a/core/src/authorisation_request.rs b/core/src/authorisation_request.rs
@@ -50,18 +50,22 @@ pub struct ValidatedAuthorisationRequest {
 }
 
 impl ValidatedAuthorisationRequest {
-    pub fn response_mode(&self, is_jarm_enabled: bool) -> ResponseMode {
+    pub fn response_mode(&self, is_jarm_enabled: bool) -> Result<ResponseMode, OpenIdError> {
         let response_type = &self.response_type;
         let response_mode = self
             .response_mode
             .as_ref()
             .cloned()
             .unwrap_or_else(|| response_type.default_response_mode());
         if is_jarm_enabled {
-            //TODO: server or client should enable jarm??
-            response_mode.upgrade(response_type)
+            Ok(response_mode.upgrade(response_type))
         } else {
-            response_mode
+            if response_mode.is_jwt() {
+                return Err(OpenIdError::invalid_request(
+                    "JWT response mode is not supported",
+                ));
+            }
+            Ok(response_mode)
         }
     }
 

diff --git a/core/src/services/authorisation.rs b/core/src/services/authorisation.rs
@@ -140,9 +140,7 @@ where
         );
         let auth_result = self.resolver.resolve(&context).await;
 
-        let response_mode = context
-            .request
-            .response_mode(self.provider.jwt_secure_response_mode());
+        let response_mode = self.get_response_mode(&context, &client)?;
         let (sig, enc) = self.prefetch_encoding_keys(&client, &response_mode).await?;
         let encoding_context = EncodingContext {
             client: &client,
@@ -208,6 +206,27 @@ where
         Ok(grant)
     }
 
+    fn get_response_mode(
+        &self,
+        context: &OpenIDContext<'_>,
+        client: &Arc<ClientInformation>,
+    ) -> Result<ResponseMode, AuthorisationError> {
+        let response_mode = context
+            .request
+            .response_mode(self.provider.jwt_secure_response_mode())
+            .map_err(|err| AuthorisationError::RedirectableErr {
+                err,
+                response_mode: context.request.response_type.default_response_mode(),
+                redirect_uri: context.request.redirect_uri.clone(),
+                state: context.request.state.clone(),
+                provider: self.provider.clone(),
+                signing_key: None,
+                encryption_key: None,
+                client: client.clone(),
+            })?;
+        Ok(response_mode)
+    }
+
     async fn handle_err(
         &self,
         err: InteractionError,

diff --git a/types/src/response_mode.rs b/types/src/response_mode.rs
@@ -24,6 +24,7 @@ impl ResponseMode {
             ResponseMode::Jwt => match response_type.default_response_mode() {
                 ResponseMode::Fragment => ResponseMode::FragmentJwt,
                 ResponseMode::Query => ResponseMode::QueryJwt,
+                ResponseMode::FormPost => ResponseMode::FormPostJwt,
                 _ => unreachable!("Invalid default response mode"),
             },
             _ => self,