openid: Adds errors for request and registration parameters

authorize_request_handler.go

@@ -92,6 +92,18 @@ func (c *Fosite) NewAuthorizeRequest(ctx context.Context, r *http.Request) (Auth
 	}
 	request.State = state
 
+	if len(request.Form.Get("request")) > 0 {
+		return request, errors.WithStack(ErrRequestNotSupported)
+	}
+
+	if len(request.Form.Get("request_uri")) > 0 {
+		return request, errors.WithStack(ErrRequestURINotSupported)
+	}
+
+	if len(request.Form.Get("registration")) > 0 {
+		return request, errors.WithStack(ErrRegistrationNotSupported)
+	}
+
 	// Remove empty items from arrays
 	request.SetRequestedScopes(scope)
 	return request, nil

errors.go

@@ -178,6 +178,21 @@ var (
 		Name:        errConsentRequired,
 		Code:        http.StatusBadRequest,
 	}
+	ErrRequestNotSupported = &RFC6749Error{
+		Description: "The OP does not support use of the request parameter",
+		Name:        errRequestNotSupportedName,
+		Code:        http.StatusBadRequest,
+	}
+	ErrRequestURINotSupported = &RFC6749Error{
+		Description: "The OP does not support use of the request_uri parameter",
+		Name:        errRequestURINotSupportedName,
+		Code:        http.StatusBadRequest,
+	}
+	ErrRegistrationNotSupported = &RFC6749Error{
+		Description: "The OP does not support use of the registration parameter",
+		Name:        errRegistrationNotSupportedName,
+		Code:        http.StatusBadRequest,
+	}
 )
 
 const (
@@ -209,6 +224,9 @@ const (
 	errAuthorizaionCodeInactiveName = "authorization_code_inactive"
 	errUnknownErrorName             = "error"
 	errRevokationClientMismatchName = "revokation_client_mismatch"
+	errRequestNotSupportedName      = "request_not_supported"
+	errRequestURINotSupportedName   = "request_uri_not_supported"
+	errRegistrationNotSupportedName = "registration_not_supported"
 )
 
 func ErrorToRFC6749Error(err error) *RFC6749Error {