lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.2.0 vs lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.3.0

- old
+ new

@@ -90,9 +90,17 @@
 redirect_response_error("invalid_request") unless check_valid_access_type? && check_valid_approval_prompt?
 try_approval_prompt if use_oauth_access_type? && request.get?
 redirect_response_error("invalid_scope") if (request.post? || param_or_nil("scope")) && !check_valid_scopes?
+
+ response_mode = param_or_nil("response_mode")
+
+ redirect_response_error("invalid_request") unless response_mode.nil? || oauth_response_modes_supported.include?(response_mode)
+ end
+
+ def check_valid_scopes?(scp = scopes)
+ super(scp - %w[offline_access])
 end
 def check_valid_response_type?
 false
 end
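Review bot: The new `check_valid_scopes?` override strips `offline_access` before calling `super`, so that scope passes validation for every client whether or not it is among the application's registered scopes, and a request whose only scope is `offline_access` reaches `super` with an empty list. Whether refresh-token issuance is gated elsewhere (consent prompt, grant type, per-client policy) is not visible in this hunk, so the exemption deserves a comment above the method, for example `# offline_access is exempt from the per-application scope check; refresh-token issuance is decided in <location>`, plus a test for the `offline_access`-only request. The added `response_mode` check compares only against the global `oauth_response_modes_supported` list; if a mode can be unsuitable for a particular response type or client, that pairing has to be enforced somewhere else. The method the `response_mode` check is appended to begins outside the hunk.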