blob: 33a9a788f0ee309f99ed02eb70d46fb14c474544 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
package OIDC::Lite::Client::WebServer::AuthCodeFlow;
use strict;
use warnings;
use parent 'OIDC::Lite::Client::WebServer';
use OIDC::Lite::Client::IDTokenResponseParser;
=head1 NAME
OIDC::Lite::Client::WebServer::AuthCodeFlow - extension to auth against an
identity provider using the authorization code flow, such as Azure AD B2C or
Google OAuth 2.0.
More info: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps
OIDC::Lite doesn't appear to support the authorisation code flow to get an
ID token - only an access token. This flow returns all its claims in the id_token
(and may not support a UserInfo endpoint e.g. Azure AD B2C), so this extension
adds support for parsing the id_token when calling get_access_token.
=cut
=head2 new
Overrides response_parser so that get_access_token returns a
L<OIDC::Lite::Model::IDToken> object.
NB this does not perform any verification of the id_token. It's assumed to be
safe as it's come directly from the OpenID IdP and not an untrusted user's
browser.
=cut
sub new {
my $self = shift->next::method(@_);
$self->{response_parser} = OIDC::Lite::Client::IDTokenResponseParser->new;
return $self;
}
1;
|
