From 1eec474abd68c97e414c5c06d48cc2713e5e3060 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Thu, 8 Sep 2016 08:26:15 +0000
Subject: [PATCH] Test token endpoint auth method (#1082)

---
 .../lib/Lemonldap/NG/Portal/_OpenIDConnect.pm             | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
index 6a08853ef..926720370 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
@@ -407,6 +407,11 @@ sub getAuthorizationCodeAccessToken {
       $self->{_oidcOPList}->{$op}->{conf}->{token_endpoint};
     my $grant_type = "authorization_code";
 
+    unless ( $auth_method =~ /^client_secret_(basic|post)$/o ) {
+        $self->lmLog( "Bad authentication method on token endpoint", 'error' );
+        return 0;
+    }
+
     $self->lmLog(
         "Using auth method $auth_method to token endpoint $access_token_uri",
         'debug' );
@@ -1148,8 +1153,7 @@ sub getAttributesListFromClaim {
     $attributes->{phone} = [qw/phone_number phone_number_verified/];
 
     # Additional claims
-    my $extraClaims =
-      $self->{oidcRPMetaDataOptionsExtraClaims}->{$rp};
+    my $extraClaims = $self->{oidcRPMetaDataOptionsExtraClaims}->{$rp};
 
     if ($extraClaims) {
         foreach my $claim ( keys %$extraClaims ) {