lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.0.0.pre.beta1 vs lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.0.0.pre.beta2
- old
+ new
@@ -21,10 +21,12 @@
translatable_method :authorize_page_lead, "The application %<name>s would like to access your data"
translatable_method :oauth_grants_scopes_label, "Scopes"
translatable_method :oauth_applications_contacts_label, "Contacts"
translatable_method :oauth_applications_tos_uri_label, "Terms of service URL"
translatable_method :oauth_applications_policy_uri_label, "Policy URL"
+ translatable_method :oauth_unsupported_response_type_message, "Unsupported response type"
+ translatable_method :oauth_authorize_parameter_required, "'%<parameter>s' is a required parameter"
# /authorize
auth_server_route(:authorize) do |r|
require_authorizable_account
before_authorize_route
@@ -63,11 +65,11 @@
private
def validate_authorize_params
redirect_response_error("invalid_request", request.referer || default_redirect) unless oauth_application && check_valid_redirect_uri?
- redirect_response_error("invalid_request") unless check_valid_response_type?
+ redirect_response_error("unsupported_response_type") unless check_valid_response_type?
redirect_response_error("invalid_request") unless check_valid_access_type? && check_valid_approval_prompt?
try_approval_prompt if use_oauth_access_type? && request.get?
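Review bot: The new `unsupported_response_type` error on the second line of the hunk is delivered to the client by redirect, which is only acceptable because the line above has already confirmed the client exists and that `redirect_uri` is registered for it; that ordering is an invariant the RFC depends on (a redirect error must never be sent to an unvalidated URI) and nothing in the method states it. A short comment above the redirect check would keep a future reorder from turning error delivery into an open redirect, e.g. `# Must run first: every redirect_response_error below assumes redirect_uri has been validated against the registered client.`. The body of `validate_authorize_params` continues past the end of the hunk.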
@@ -77,11 +79,19 @@
def check_valid_response_type?
false
end
def check_valid_redirect_uri?
- oauth_application[oauth_applications_redirect_uri_column].split(" ").include?(redirect_uri)
+ application_redirect_uris = oauth_application[oauth_applications_redirect_uri_column].split(" ")
+
+ if (redirect_uri = param_or_nil("redirect_uri"))
+ application_redirect_uris.include?(redirect_uri)
+ else
+ set_error_flash(oauth_authorize_parameter_required(parameter: "redirect_uri")) if application_redirect_uris.size > 1
+
+ true
+ end
end
ACCESS_TYPES = %w[offline online].freeze
def check_valid_access_type?
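Review bot: In the new `else` branch of `check_valid_redirect_uri?`, a request that omits `redirect_uri` for a client with several registered URIs only sets an error flash and then returns `true`, so validation proceeds and any later error (`unsupported_response_type`, `invalid_request`) is still sent by redirect to whatever `redirect_uri` falls back to, which is not visible here. RFC 6749 §3.1.2.3 says the server must not redirect in that case; the method should fail closed, for example `return true unless application_redirect_uris.size > 1`, then `set_error_flash(oauth_authorize_parameter_required(parameter: "redirect_uri"))`, then `false`, which routes the request into the existing non-redirecting `invalid_request` path of the caller. The exact-string `include?` match for the supplied URI is the right check and should stay.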
@@ -138,13 +148,13 @@
generate_token(oauth_grant, should_generate_refresh_token)
end
def create_oauth_grant(create_params = {})
- create_params[oauth_grants_oauth_application_id_column] = oauth_application[oauth_applications_id_column]
- create_params[oauth_grants_redirect_uri_column] = redirect_uri
- create_params[oauth_grants_expires_in_column] = Sequel.date_add(Sequel::CURRENT_TIMESTAMP, seconds: oauth_grant_expires_in)
- create_params[oauth_grants_scopes_column] = scopes.join(oauth_scope_separator)
+ create_params[oauth_grants_oauth_application_id_column] ||= oauth_application[oauth_applications_id_column]
+ create_params[oauth_grants_redirect_uri_column] ||= redirect_uri
+ create_params[oauth_grants_expires_in_column] ||= Sequel.date_add(Sequel::CURRENT_TIMESTAMP, seconds: oauth_grant_expires_in)
+ create_params[oauth_grants_scopes_column] ||= scopes.join(oauth_scope_separator)
if use_oauth_access_type? && (access_type = param_or_nil("access_type"))
create_params[oauth_grants_access_type_column] = access_type
end
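Review bot: Switching the four assignments in `create_oauth_grant` to `||=` makes the application id, redirect URI, expiry and scopes caller-overridable, so the validation performed in this feature no longer bounds what ends up in the grant row; if any caller (none are visible in this diff) ever forwards request-derived values in `create_params`, scope or client binding could be widened without passing through `validate_authorize_params`. The intent is presumably that only trusted callers pre-populate these, and that should be written down at the top of the method, e.g. `# create_params may pre-set grant columns; only pass values already validated here - never request params.`. Also worth noting that `redirect_uri` may be absent on the request, so the stored value's meaning when nothing was supplied depends on the `redirect_uri` helper, which is outside this hunk, as is the remainder of the method.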