add support for response_mode=form_post

2026-05-20 03:49:53 +00:00 · 2026-03-04 13:21:44 +01:00
parent 27ca713cd4
commit 1ea5eec7d2
7 changed files with 86 additions and 11 deletions
--- a/frontend/src/lib/services/oidc-service.ts
+++ b/frontend/src/lib/services/oidc-service.ts
@@ -22,7 +22,8 @@ class OidcService extends APIService {
 		nonce?: string,
 		codeChallenge?: string,
 		codeChallengeMethod?: string,
-		reauthenticationToken?: string
+		reauthenticationToken?: string,
+		responseMode?: string
 	) => {
 		const res = await this.api.post('/oidc/authorize', {
 			scope,
@@ -31,7 +32,8 @@ class OidcService extends APIService {
 			clientId,
 			codeChallenge,
 			codeChallengeMethod,
-			reauthenticationToken
+			reauthenticationToken,
+			responseMode
 		});

 		return res.data as AuthorizeResponse;
--- a/frontend/src/routes/authorize/+page.svelte
+++ b/frontend/src/routes/authorize/+page.svelte
@@ -20,7 +20,7 @@
 	const oidService = new OidcService();

 	let { data }: PageProps = $props();
-	let { client, scope, callbackURL, nonce, codeChallenge, codeChallengeMethod, authorizeState } =
+	let { client, scope, callbackURL, nonce, codeChallenge, codeChallengeMethod, authorizeState, responseMode } =
 		data;

 	let isLoading = $state(false);
@@ -79,7 +79,8 @@
 					nonce,
 					codeChallenge,
 					codeChallengeMethod,
-					reauthToken
+					reauthToken,
+					responseMode
 				)
 				.then(async ({ code, callbackURL, issuer }) => {
 					onSuccess(code, callbackURL, issuer);
@@ -93,12 +94,46 @@
 	function onSuccess(code: string, callbackURL: string, issuer: string) {
 		success = true;
 		setTimeout(() => {
-			const redirectURL = new URL(callbackURL);
-			redirectURL.searchParams.append('code', code);
-			redirectURL.searchParams.append('state', authorizeState);
-			redirectURL.searchParams.append('iss', issuer);
+			if (responseMode === 'form_post') {
+				// Create a hidden form and submit it via POST
+				const form = document.createElement('form');
+				form.method = 'POST';
+				form.action = callbackURL;

-			window.location.href = redirectURL.toString();
+				// Add code parameter
+				const codeInput = document.createElement('input');
+				codeInput.type = 'hidden';
+				codeInput.name = 'code';
+				codeInput.value = code;
+				form.appendChild(codeInput);
+
+				// Add state parameter
+				if (authorizeState) {
+					const stateInput = document.createElement('input');
+					stateInput.type = 'hidden';
+					stateInput.name = 'state';
+					stateInput.value = authorizeState;
+					form.appendChild(stateInput);
+				}
+
+				// Add issuer parameter
+				const issInput = document.createElement('input');
+				issInput.type = 'hidden';
+				issInput.name = 'iss';
+				issInput.value = issuer;
+				form.appendChild(issInput);
+
+				document.body.appendChild(form);
+				form.submit();
+			} else {
+				// Default query parameter redirect (response_mode=query or not specified)
+				const redirectURL = new URL(callbackURL);
+				redirectURL.searchParams.append('code', code);
+				redirectURL.searchParams.append('state', authorizeState);
+				redirectURL.searchParams.append('iss', issuer);
+
+				window.location.href = redirectURL.toString();
+			}
 		}, 1000);
 	}
 </script>
--- a/frontend/src/routes/authorize/+page.ts
+++ b/frontend/src/routes/authorize/+page.ts
@@ -14,6 +14,7 @@ export const load: PageLoad = async ({ url }) => {
 		callbackURL: url.searchParams.get('redirect_uri')!,
 		client,
 		codeChallenge: url.searchParams.get('code_challenge')!,
-		codeChallengeMethod: url.searchParams.get('code_challenge_method')!
+		codeChallengeMethod: url.searchParams.get('code_challenge_method')!,
+		responseMode: url.searchParams.get('response_mode') || 'query'
 	};
 };