Commit

fix: always request for consent if it is the device flow
nsklikas committed Mar 27, 2024
1 parent a52324b commit 4b40dc2
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion consent/strategy_default.go
Expand Up @@ -560,9 +560,13 @@ func (s *DefaultStrategy) requestConsent(
// The OpenID Connect Test Tool fails if this returns `consent_required` when `prompt=none` is used.
// According to the quote above, it should be ok to allow https to skip consent.
//
// Device initiated flows are never allowed to skip consent, the user must always implicitly authorize the device.
//
// This is tracked as issue: https://github.com/ory/hydra/issues/866
// This is also tracked as upstream issue: https://github.com/openid-certification/oidctest/issues/97
if !(ar.GetRedirectURI().Scheme == "https" || (fosite.IsLocalhost(ar.GetRedirectURI()) && ar.GetRedirectURI().Scheme == "http")) {
if f.DeviceChallengeID != "" {
return s.forwardConsentRequest(ctx, w, r, ar, f, nil)

Check warning on line 568 in consent/strategy_default.go (Codecov / codecov/patch): Added line #L568 was not covered by tests
} else if !(ar.GetRedirectURI().Scheme == "https" || (fosite.IsLocalhost(ar.GetRedirectURI()) && ar.GetRedirectURI().Scheme == "http")) {
return s.forwardConsentRequest(ctx, w, r, ar, f, nil)
}
}
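Review bot: The new `if f.DeviceChallengeID != ""` branch has no test (the Codecov annotation flags line 568 as uncovered), and this is the line that prevents a device flow from skipping consent. Please add a test where a device flow request has an `https` redirect URI, so the `else if` alone would not forward it, and assert that `forwardConsentRequest` is still reached. The added comment says the user must "implicitly" authorize the device; since the point of the change is to force the consent screen, "explicitly" looks like the intended word. The two closing braces at the end show that this check sits inside an outer block whose condition is not visible in the hunk: if that condition can be false for a device flow, consent is not "always" requested as the commit title says, so consider moving the device check above that block or stating in the comment why the outer condition is sufficient.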