headscale icon indicating copy to clipboard operation
headscale copied to clipboard
verified publisher icon juanfont

Add support for form_post OIDC callbacks

Open paxswill opened this issue 2 years ago • 1 comments

Why

Some OIDC providers only support response_mode=form_post for the callback (ex: Apple, which requires form_post when including the email scope).

Description

Instead of performinga GET with data encoded in query parameters, form_post tells the provider to perform a POST to the callback endpoint. The changes are pretty straightforward:

  • The callback handler needs to be configured to accept both GET and POST (right now it only accepts GET)
  • The implementation of the callback endpoint should be able to extract the code and state values from either the URL (as query parameters) or form data.

Sample/Test Implementation

I went and implemented these changes in a fork, and with these changes Sign in with Apple works where it would fail before with an unexpected 404 (technically should be a 405).

paxswill avatar Jan 28 '24 17:01 paxswill

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Apr 28 '24 01:04 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions[bot] avatar May 05 '24 01:05 github-actions[bot]