Throw if OpenID provider doesn't support code flow (#9862)

2026-04-03 03:00:39 -04:00 · 2021-11-20 18:53:22 +01:00
parent a920041c5b
commit c842b77352
1 changed files with 9 additions and 0 deletions
--- a/api/src/auth/drivers/openid.ts
+++ b/api/src/auth/drivers/openid.ts
@@ -36,6 +36,15 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
 		this.client = new Promise((resolve, reject) => {
 			Issuer.discover(issuerUrl)
 				.then((issuer) => {
+					const supportedTypes = issuer.metadata.response_types_supported as string[] | undefined;
+					if (!supportedTypes?.includes('code')) {
+						reject(
+							new InvalidConfigException('OpenID provider does not support required code flow', {
+								provider: additionalConfig.provider,
+							})
+						);
+					}
+
 					resolve(
 						new issuer.Client({
 							client_id: clientId,