-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Social.pm | 4 | ||||
-rw-r--r-- | perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm (renamed from perllib/OIDC/Lite/Client/WebServer/Azure.pm) | 13 |
2 files changed, 10 insertions, 7 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
index 06e67573f..54cf35315 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
@@ -6,7 +6,7 @@ BEGIN { extends 'Catalyst::Controller'; }
 use Net::Facebook::Oauth2;
 use Net::Twitter::Lite::WithAPIv1_1;
-use OIDC::Lite::Client::WebServer::Azure;
+use OIDC::Lite::Client::WebServer::AuthCodeFlow;
 use URI::Escape;
 use mySociety::AuthToken;
@@ -167,7 +167,7 @@ sub oidc : Private {
 my $config = $c->cobrand->feature('oidc_login');
- OIDC::Lite::Client::WebServer::Azure->new(
+ OIDC::Lite::Client::WebServer::AuthCodeFlow->new(
 id => $config->{client_id},
 secret => $config->{secret},
 authorize_uri => $config->{auth_uri},
diff --git a/perllib/OIDC/Lite/Client/WebServer/Azure.pm b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
index b19dce90e..33a9a788f 100644
--- a/perllib/OIDC/Lite/Client/WebServer/Azure.pm
+++ b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
@@ -1,4 +1,4 @@
-package OIDC::Lite::Client::WebServer::Azure;
+package OIDC::Lite::Client::WebServer::AuthCodeFlow;
 use strict;
 use warnings;
@@ -8,12 +8,15 @@ use OIDC::Lite::Client::IDTokenResponseParser;
 =head1 NAME
-OIDC::Lite::Client::WebServer::Azure - extension to auth against Azure AD B2C
+OIDC::Lite::Client::WebServer::AuthCodeFlow - extension to auth against an
+identity provider using the authorization code flow, such as Azure AD B2C or
+Google OAuth 2.0.
+More info: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps
 OIDC::Lite doesn't appear to support the authorisation code flow to get an
-ID token - only an access token. Azure returns all its claims in the id_token
-and doesn't support a UserInfo endpoint, so this extension adds support for
-parsing the id_token when calling get_access_token.
+ID token - only an access token. This flow returns all its claims in the id_token
+(and may not support a UserInfo endpoint e.g. Azure AD B2C), so this extension
+adds support for parsing the id_token when calling get_access_token.
 =cut |
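Review bot: The rewritten POD now presents this module as a general authorization-code-flow client (Azure AD B2C, Google OAuth 2.0), yet it still only says the id_token is "parsed" and never states whether it is validated. Nothing in this hunk shows signature, `iss`, `aud`, `exp` or `nonce` checks; the module body lies outside the hunk, so this may already be handled elsewhere. If it is not, a cobrand that points `oidc_login` at a new provider would be trusting claims that were only decoded. I would add a sentence to the description such as `The id_token is only decoded here; callers must verify its signature, iss, aud, exp and nonce before trusting any claim.`, or the converse if the module does verify them.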