Commit 2509116
Fix Keycloak OIDC flow (calcom#27716)
Some OIDC providers like Keycloak (v18+) include an `iss` (issuer) parameter in the authentication response for security (as per RFC 9207). The oidc route was explicitly extracting only `code` and `state`, thus losing the `iss` parameter and other potential parameters like `session_state`. When Jackson passed the incomplete set of parameters to `openid-client`, the library failed validation with the error `invalid response encountered` because it expected the `iss` parameter to be present if the server supports it.
Fixes calcom#22238.
Co-authored-by: Sahitya Chandra <sahityajb@gmail.com>1 parent a8e27c3 commit 2509116
1 file changed
Lines changed: 5 additions & 7 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | | - | |
15 | | - | |
16 | | - | |
| 14 | + | |
17 | 15 | | |
18 | | - | |
| 16 | + | |
19 | 17 | | |
20 | 18 | | |
21 | 19 | | |
22 | 20 | | |
23 | 21 | | |
24 | 22 | | |
25 | | - | |
| 23 | + | |
26 | 24 | | |
27 | 25 | | |
28 | 26 | | |
| |||
33 | 31 | | |
34 | 32 | | |
35 | 33 | | |
36 | | - | |
| 34 | + | |
37 | 35 | | |
38 | 36 | | |
39 | 37 | | |
| |||
0 commit comments