Move hidden fields from view to pre_authorization, for supporting other parameters. #420
Conversation
| @@ -36,6 +36,16 @@ def error_response | |||
| Doorkeeper::OAuth::ErrorResponse.from_request(self) | |||
| end | |||
|
|
|||
| def hidden_fields | |||
| { | |||
| client_id: client.uid, | |||
There was a problem hiding this comment.
Use 2 spaces for indentation in a hash, relative to the start of the line where the left curly brace is.
|
With this change you'd need to override/monkey patch $ rails g doorkeeper:views
create app/views/doorkeeper/applications
create app/views/doorkeeper/applications/_delete_form.html.erb
create app/views/doorkeeper/applications/_form.html.erb
create app/views/doorkeeper/applications/edit.html.erb
create app/views/doorkeeper/applications/index.html.erb
create app/views/doorkeeper/applications/new.html.erb
...Closing for now, willing to continue discussion for sure. Thank you for your work and willing to share! |
|
@tute follow-up to my comment in #897: I've now implemented nonces in doorkeeper-openid_connect by extending certain Doorkeeper classes (switching to So since I'm already monkey-patching, the current solution in this PR seems acceptable to me, and I think overriding the view would only make things more complicated for end-users of my gem. Would you be willing to merge this as is? |
Currently, authorizations/new view has hardwired
hidden_field_tags, used to pass parameters, such as scope and state, between authN and authZ.I also trying to support OpenID Connect on this Doorkeeper, so I want to pass a new parameter
nonce.Using my changes, we can easily pass the new parameter and can avoid overriding/repeating code.