Throws an error when an unsupported response_type is used.

Homesnap · Mar 25, 2017 · 270b506 · 270b506
1 parent 98c8fbf
commit 270b506
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 1 deletion.
diff --git a/Source/OIDAuthorizationRequest.m b/Source/OIDAuthorizationRequest.m
@@ -19,6 +19,7 @@
 #import "OIDAuthorizationRequest.h"
 
 #import "OIDDefines.h"
+#import "OIDError.h"
 #import "OIDScopeUtilities.h"
 #import "OIDServiceConfiguration.h"
 #import "OIDTokenUtilities.h"
@@ -80,6 +81,13 @@
  */
 static NSUInteger const kCodeVerifierBytes = 32;
 
+/*! @brief Exception text for unsupported response types.
+ */
+static NSString *const OIDOAuthExceptionUnsupportedResponseTypeMessage =
+    @"The response_type \"%@\" isn't supported. AppAuth only supports the \"code\" response_type.";
+
+/*! @brief Code challenge request method.
+ */
 NSString *const OIDOAuthorizationRequestCodeChallengeMethodS256 = @"S256";
 
 @implementation OIDAuthorizationRequest
@@ -114,6 +122,12 @@ - (instancetype)initWithConfiguration:(OIDServiceConfiguration *)configuration
     _scope = [scope copy];
     _redirectURL = [redirectURL copy];
     _responseType = [responseType copy];
+    if (![_responseType isEqualToString:OIDResponseTypeCode]) {
+      // AppAuth only supports the `code` response type.
+      // Discussion: https://github.com/openid/AppAuth-iOS/issues/98
+      [NSException raise:OIDOAuthExceptionUnsupportedResponseType
+                  format:OIDOAuthExceptionUnsupportedResponseTypeMessage, _responseType, nil];
+    }
     _state = [state copy];
     _codeVerifier = [codeVerifier copy];
     _codeChallenge = [codeChallenge copy];

diff --git a/Source/OIDError.h b/Source/OIDError.h
@@ -378,4 +378,8 @@ typedef NS_ENUM(NSInteger, OIDErrorCodeOAuthRegistration) {
  */
 extern NSString *const OIDOAuthExceptionInvalidAuthorizationFlow;
 
+/*! @brief Exception for unsupported response types.
+ */
+extern NSString *const OIDOAuthExceptionUnsupportedResponseType;
+
 NS_ASSUME_NONNULL_END
diff --git a/Source/OIDError.m b/Source/OIDError.m
@@ -33,6 +33,8 @@
 NSString *const OIDOAuthExceptionInvalidAuthorizationFlow = @"An OAuth redirect was sent to a "
     "OIDAuthorizationFlowSession after it already completed.";
 
+NSString *const OIDOAuthExceptionUnsupportedResponseType = @"Unsupported response type";
+
 NSString *const OIDOAuthErrorResponseErrorKey = @"OIDOAuthErrorResponseErrorKey";
 
 NSString *const OIDOAuthErrorFieldError = @"error";

diff --git a/UnitTests/OIDAuthorizationRequestTests.m b/UnitTests/OIDAuthorizationRequestTests.m
@@ -25,7 +25,7 @@
 
 /*! @brief Test value for the @c responseType property.
  */
-static NSString *const kTestResponseType = @"ResponseType";
+static NSString *const kTestResponseType = @"code";
 
 /*! @brief Test value for the @c clientID property.
  */
@@ -403,4 +403,55 @@ - (void)testPKCEVerifierRecommendations {
                  @"The spec RECOMMENDS a '43-octet URL safe string'");
 }
 
+- (void)testSupportedResponseTypes {
+  NSDictionary *additionalParameters =
+      @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue };
+  OIDServiceConfiguration *configuration = [OIDServiceConfigurationTests testInstance];
+
+  NSString *scope = [OIDScopeUtilities scopesWithArray:@[ kTestScope, kTestScopeA ]];
+
+  XCTAssertThrows(
+      [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
+                      clientId:kTestClientID
+                  clientSecret:kTestClientSecret
+                        scope:scope
+                  redirectURL:[NSURL URLWithString:kTestRedirectURL]
+                  responseType:@"code id_token"
+                         state:kTestState
+                  codeVerifier:kTestCodeVerifier
+                 codeChallenge:[[self class] codeChallenge]
+           codeChallengeMethod:[[self class] codeChallengeMethod]
+          additionalParameters:additionalParameters]
+  );
+
+  XCTAssertThrows(
+      [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
+                      clientId:kTestClientID
+                  clientSecret:kTestClientSecret
+                        scope:scope
+                  redirectURL:[NSURL URLWithString:kTestRedirectURL]
+                  responseType:@"code token id_token"
+                         state:kTestState
+                  codeVerifier:kTestCodeVerifier
+                 codeChallenge:[[self class] codeChallenge]
+           codeChallengeMethod:[[self class] codeChallengeMethod]
+          additionalParameters:additionalParameters]
+  );
+
+ XCTAssertNoThrow(
+      [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
+                      clientId:kTestClientID
+                  clientSecret:kTestClientSecret
+                        scope:scope
+                  redirectURL:[NSURL URLWithString:kTestRedirectURL]
+                  responseType:@"code"
+                         state:kTestState
+                  codeVerifier:kTestCodeVerifier
+                 codeChallenge:[[self class] codeChallenge]
+           codeChallengeMethod:[[self class] codeChallengeMethod]
+          additionalParameters:additionalParameters]
+  );
+
+}
+
 @end