author | Marius Halden <marius.h@lden.org> | 2021-10-07 13:32:40 +0200 |
---|---|---|
committer | Marius Halden <marius.h@lden.org> | 2021-10-07 13:32:40 +0200 |
commit | 09dacfc6b8bf62addeee16c20b1d90c2a256da96 (patch) | |
tree | 7caa2bf9e92227ab74448f9b746dd28bbcb81b2a /perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm | |
parent | 585e57484f9c6332668bf1ac0a6a3b39dbe32223 (diff) | |
parent | cea89fb87a96943708a1db0f646492fbfaaf000f (diff) |
Merge tag 'v3.1' into fiksgatami-devfiksgatami-dev
Diffstat (limited to 'perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm')
-rw-r--r-- | perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
new file mode 100644
index 000000000..33a9a788f
--- /dev/null
+++ b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
@@ -0,0 +1,42 @@
+package OIDC::Lite::Client::WebServer::AuthCodeFlow;
+
+use strict;
+use warnings;
+use parent 'OIDC::Lite::Client::WebServer';
+
+use OIDC::Lite::Client::IDTokenResponseParser;
+
+=head1 NAME
+
+OIDC::Lite::Client::WebServer::AuthCodeFlow - extension to auth against an
+identity provider using the authorization code flow, such as Azure AD B2C or
+Google OAuth 2.0.
+More info: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps
+
+OIDC::Lite doesn't appear to support the authorisation code flow to get an
+ID token - only an access token. This flow returns all its claims in the id_token
+(and may not support a UserInfo endpoint e.g. Azure AD B2C), so this extension
+adds support for parsing the id_token when calling get_access_token.
+
+=cut
+
+=head2 new
+
+Overrides response_parser so that get_access_token returns a
+L<OIDC::Lite::Model::IDToken> object.
+
+NB this does not perform any verification of the id_token. It's assumed to be
+safe as it's come directly from the OpenID IdP and not an untrusted user's
+browser.
+
+=cut
+
+sub new {
+ my $self = shift->next::method(@_);
+
+ $self->{response_parser} = OIDC::Lite::Client::IDTokenResponseParser->new;
+
+ return $self;
+}
+
+1; |
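Review bot: The POD for `new` says the id_token is accepted without any verification, and nothing in this file states the conditions under which that is safe, so the flow's safety rests entirely on how the token endpoint is reached and on what callers do with the claims. Skipping the signature check is only defensible when the token is fetched straight from the token endpoint over TLS with certificate validation. Even then the `iss`, `aud`, `exp` and (if one was sent) `nonce` claims still need checking; presumably that is left to the caller or to IDTokenResponseParser, neither of which this hunk shows. I would spell the contract out in the POD, e.g. `Callers must still check the iss, aud, exp and nonce claims, and the token endpoint must be requested over HTTPS with certificate verification enabled.`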