Default OIDC Discovery values not set
Search terms you've used
oidc, openid, default
Impacted package
Which packages do you think might be impacted by the bug?
- [x] solid-client-authn-browser
- [x] solid-client-authn-node
- [x] solid-client-authn-core
- [ ] oidc-client-ext
- [ ] Other (please specify): ...
Bug description
When loading the OIDC Discovery data from the .well-known/openid-configuration endpoint of an Identity Provider, the solid-client-authn-core package does not seem to add some defaults of the provider metadata.
To Reproduce
- Use a discovery configuration file with no grant_types_supported parameter.
- Try to log in using the solid-client-authn-browser package (not tested for solid-client-authn-node), with client credentials (other flows trigger Dynamic Registration, which does not check for the left-out parameter).
Expected result
The AggregateOidcHandler succeeds in AuthorizationCodeWithPkceOidcHandler because the grant_types_supported parameter falls back to the default.
Actual result
The AggregateOidcHandler fails, because the AuthorizationCodeWithPkceOidcHandler returns false, since there is no grant_types_supported parameter set.
Additional information
The default value for the grant_types_supported parameter should be ["authorization_code", "implicit"]. Not sure which other defaults are missing.
Thanks for reporting this. I'll try to fix as soon as possible, and I'll check for other values optional as per the spec that we may expect to be necessarily present.
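The fallback discussed in this issue, as an added example that is not part of the thread and not solid-client-authn's own code: it fills omitted provider metadata with the defaults that OpenID Connect Discovery 1.0 defines, then repeats the grant check on the result. The names OidcMetadata, withDiscoveryDefaults, canHandleGrant and the idp.example document are hypothetical.

```typescript
// Added example; all names here are hypothetical, not the library's API.
type OidcMetadata = Record<string, unknown>;

// Defaults that OpenID Connect Discovery 1.0 assigns to omitted provider metadata.
// Deliberately not listed: code_challenge_methods_supported, whose absence
// RFC 8414 defines as "PKCE not supported", so it must stay unset.
const DISCOVERY_DEFAULTS: Readonly<Record<string, unknown>> = {
  grant_types_supported: ["authorization_code", "implicit"],
  response_modes_supported: ["query", "fragment"],
  token_endpoint_auth_methods_supported: ["client_secret_basic"],
  claim_types_supported: ["normal"],
  claims_parameter_supported: false,
  request_parameter_supported: false,
  request_uri_parameter_supported: true,
  require_request_uri_registration: false,
};

function withDiscoveryDefaults(raw: OidcMetadata): OidcMetadata {
  const merged: OidcMetadata = { ...raw };
  for (const key of Object.keys(DISCOVERY_DEFAULTS)) {
    // Fill only keys the provider left out; an explicit value,
    // even an empty list, is the provider's statement and is kept.
    if (!(key in merged)) {
      const fallback = DISCOVERY_DEFAULTS[key];
      merged[key] = Array.isArray(fallback) ? fallback.slice() : fallback;
    }
  }
  return merged;
}

// The kind of check that fails when grant_types_supported is absent.
function canHandleGrant(config: OidcMetadata, grant: string): boolean {
  const grants = config["grant_types_supported"];
  return Array.isArray(grants) && grants.indexOf(grant) !== -1;
}

// Constructed sample: a discovery document with no grant_types_supported.
const sampleDiscovery: OidcMetadata = {
  issuer: "https://idp.example",
  authorization_endpoint: "https://idp.example/authorize",
  token_endpoint: "https://idp.example/token",
};

const filledDiscovery = withDiscoveryDefaults(sampleDiscovery);
console.log(canHandleGrant(sampleDiscovery, "authorization_code"));
console.log(canHandleGrant(filledDiscovery, "authorization_code"));
```

Applying the defaults once, right after the discovery document is fetched, keeps every later handler check working on the same normalized view of the provider.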