OIDC: Return error if multiple client auth used (#2474)

Maxime Besson 2021-02-24 11:43:49 +01:00
parent 165f8cf313
commit 2d7f9e34a6


@ -1374,6 +1374,12 @@ sub getEndPointAuthenticationCredentials {
split( /:/, decode_base64($1) );
};
$self->logger->error("Bad authentication header: $@") if ($@);
# Using multiple methods is an error
if ($req->param('client_id')) {
$self->logger->error("Multiple client authentication methods used");
( $client_id, $client_secret ) = (undef, undef);
}
}
elsif ( $req->param('client_id') and $req->param('client_secret') ) {
$self->logger->debug("Method client_secret_post used");
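Review bot: The new guard `if ($req->param('client_id'))` tests only the truthiness of one parameter, so a request that combines an Authorization header with `client_id=0`, an empty `client_id`, or only `client_secret` / `client_assertion` in the body is still accepted as Basic authentication. Testing definedness and covering the other credential parameters would close that gap: `if ( grep { defined $req->param($_) } qw(client_id client_secret client_assertion) ) {`. The reset to `(undef, undef)` only protects the endpoint if the caller treats undefined credentials as a failed client authentication. getEndPointAuthenticationCredentials starts and ends outside this hunk, so that, and how later branches treat `client_assertion`, should be confirmed there.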