From 219cd458480e3526380504c879807475e6818830 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 4 Mar 2021 12:34:31 +0100 Subject: [PATCH] feat: allow control of which errors flow back to client's redirect_uri See https://github.com/panva/node-oidc-provider/blob/v7.x/recipes/skip_redirect.md See b591d7f0 --- recipes/README.md | 5 +++-- recipes/{skip-consent.md => skip_consent.md} | 0 recipes/skip_redirect.md | 11 +++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) rename recipes/{skip-consent.md => skip_consent.md} (100%) create mode 100644 recipes/skip_redirect.md diff --git a/recipes/README.md b/recipes/README.md index 1156ad987..e2139fac2 100644 --- a/recipes/README.md +++ b/recipes/README.md @@ -11,12 +11,13 @@ If you or your business use oidc-provider, or you need help using/upgrading the --- +- [Allowing HTTP and/or localhost for implicit response types](implicit_http_localhost.md) - [Claim configuration](claim_configuration.md) - [Client-based CORS origins](client_based_origins.md) - [Decentralized claims](decentralized_claims.md) - [Redirect URI wildcards](redirect_uri_wildcards.md) -- [Allowing HTTP and/or localhost for implicit response types](implicit_http_localhost.md) -- [Skipping consent](skip-consent.md) +- [Skipping consent](skip_consent.md) +- [Render instead Redirect on invalid_request](skip_redirect.md) - ... got something worthy of being here? Submit a PR with a new recipe to help others. [support-sponsor]: https://github.com/sponsors/panva diff --git a/recipes/skip-consent.md b/recipes/skip_consent.md similarity index 100% rename from recipes/skip-consent.md rename to recipes/skip_consent.md diff --git a/recipes/skip_redirect.md b/recipes/skip_redirect.md new file mode 100644 index 000000000..beeaf9901 --- /dev/null +++ b/recipes/skip_redirect.md @@ -0,0 +1,11 @@ +# Render invalid_request errors + +- built for version: ^7.1.0 + +```js +const { errors } = require('oidc-provider); +Object.defineProperty(errors.InvalidRequest.prototype, 'allow_redirect', { value: false }); +``` + +This will make all `invalid_request` errors that would normally redirect back to the +client's redirect_uri (when conditions allow) render instead.