lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.2.0 vs lib/rodauth/features/oauth_authorize_base.rb in rodauth-oauth-1.3.0
@@ -90,9 +90,17 @@
redirect_response_error("invalid_request") unless check_valid_access_type? && check_valid_approval_prompt?
try_approval_prompt if use_oauth_access_type? && request.get?
redirect_response_error("invalid_scope") if (request.post? || param_or_nil("scope")) && !check_valid_scopes?
+
+ response_mode = param_or_nil("response_mode")
+
+ redirect_response_error("invalid_request") unless response_mode.nil? || oauth_response_modes_supported.include?(response_mode)
+ end
+
+ def check_valid_scopes?(scp = scopes)
+ super(scp - %w[offline_access])
end
def check_valid_response_type?
false
end
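Review bot: The new `check_valid_scopes?` override removes `offline_access` before delegating to `super`, so that scope is never checked against whatever list the parent implementation validates. If `offline_access` is what later gates refresh-token issuance (not visible in this hunk), any client could request it regardless of its registered scopes. The exemption should at least be documented above the method, e.g. `# offline_access is exempt from the registered-scope check; it is enforced in <place where it is enforced>`, and ideally applied only when the feature that defines the scope is enabled. Separately, the `response_mode` check sits after the other `redirect_response_error` calls in a method that begins outside the hunk, so those earlier error redirects run before `response_mode` is validated. If the redirect consults that parameter, moving the check ahead of them would keep an error from being delivered through an unsupported mode.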