authorMarcell Mars <ki.ber@kom.uni.st>2024-11-20 15:22:48 +0100
committerEarl Warren <contact@earl-warren.org>2024-11-24 11:22:40 +0100
commit262c48409b1224e3f6dc63c8d1e04fef0e0cf2c0 (patch)
tree8b3d3ae8afba44593825b3a3e8ae848f6a80f3af /routers
parentRemove duplicate empty repo check in delete branch API (#32569) (diff)
downloadforgejo-262c48409b1224e3f6dc63c8d1e04fef0e0cf2c0.tar.xz
forgejo-262c48409b1224e3f6dc63c8d1e04fef0e0cf2c0.zip
Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (#32578)
This PR adds support for HTTP POST requests to the `/userinfo` endpoint. The OpenID Core specification says both GET and POST are supported and recommends using HTTP GET. ref: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo (cherry picked from commit 56bff7ae234ee21d0e4524e401a49385c383ccaf) Conflicts: routers/web/web.go trivial context conflict
Diffstat (limited to 'routers')
-rw-r--r--routers/web/web.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/web/web.go b/routers/web/web.go
index 1a764103fc..fdfda68b1e 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -530,7 +530,7 @@ func registerRoutes(m *web.Route) {
m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
}, ignSignInAndCsrf, reqSignIn)
- m.Methods("GET, OPTIONS", "/userinfo", optionsCorsHandler(), ignSignInAndCsrf, auth.InfoOAuth)
+ m.Methods("GET, POST, OPTIONS", "/userinfo", optionsCorsHandler(), ignSignInAndCsrf, auth.InfoOAuth)
m.Methods("POST, OPTIONS", "/access_token", optionsCorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
m.Methods("GET, OPTIONS", "/keys", optionsCorsHandler(), ignSignInAndCsrf, auth.OIDCKeys)
m.Methods("POST, OPTIONS", "/introspect", optionsCorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
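Review bot: The `POST` added on the `/userinfo` line is served with `ignSignInAndCsrf`, so CSRF validation is skipped for a method that browsers can send cross-site with ambient cookies; that is only safe if `auth.InfoOAuth` (not visible in this hunk) authenticates solely from the bearer access token and stays read-only. Unlike the neighbouring POST routes, no `web.Bind(...)` form is attached, so a token sent as a form-encoded body parameter is presumably not read and clients would have to use the `Authorization` header; this is worth confirming and covering with a test for POST. I would record the assumption above the route, e.g. `// GET and POST per OIDC Core UserInfo; CSRF is skipped, so InfoOAuth must accept only bearer tokens and have no side effects`. `registerRoutes` starts and ends outside the hunk.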