Supported grant type check not following oidc spec
markusheiliger opened this issue
Description
The oidc service checks the list of supported grant types returned by the provider discovery call. Based on the oidc spec this value is optional. If omitted, the supported grant types are 'authorization_code' and 'implicit'.
Expected Behavior
If the oidc provider omits the list of supported grant types, clutch should fall back to the default set of supported grant types as stated in the oidc spec.
Actual Behavior
The implementation doesn't check for an empty list of supported grant types in order to fall back.
Version
commit 2689290
Other Context
n/a
@markusheiliger Thanks for the report! Do you by chance recall what error was returned? It should either be `oidc: claims not set` or `grant type 'authorization_code' not supported by provider`.
@danielhochman the check method returns `grant type 'authorization_code' not supported by provider`, which is wrong in this case. To make the scenario a little bit more concrete: I'm trying to get clutch running with Azure AD as oidc provider. However, Azure AD doesn't return any supported grant types during the discovery call, which means clutch should fall back to the default list of supported grant types, as Azure AD supports 'authorization_code'.