Prefix form_post response parameter keys in Velocity context
Description
When response_mode=form_post is used in authorization/authentication requests, the OP populates the Velocity context and uses templates/oidc-form-post.vm for creating the response to be posted. Currently all the response message object parameters are populated to the Velocity context with the same keys, so that, for instance, the parameter code in a successful authorization response message is available as ${code} in the Velocity template.
The JARM [1] spec (that we don’t yet implement) uses the response parameter for communicating the JWT responses via form. It’s colliding with the variable that we use for HttpServletResponses in all Velocity templates. A straightforward way to avoid this would be to add a prefix to all response object parameters and update the template accordingly.
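The collision described above and the proposed prefixing, modelled with a plain map standing in for the Velocity context. This is an added example, not code from the OP; the prefix oidcResponse_, the class and method names, and the sample values are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FormPostContextDemo {
    // Hypothetical prefix; the ticket does not name one.
    static final String PREFIX = "oidcResponse_";

    // Behaviour described in the ticket: parameters are copied in under their own names.
    static Map<String, Object> populateUnprefixed(Map<String, Object> ctx, Map<String, String> params) {
        ctx.putAll(params);
        return ctx;
    }

    // Proposed behaviour: every response parameter key gets the prefix.
    static Map<String, Object> populatePrefixed(Map<String, Object> ctx, Map<String, String> params) {
        params.forEach((key, value) -> ctx.put(PREFIX + key, value));
        return ctx;
    }

    // Stand-in for the context all templates receive, with "response" bound
    // to the servlet response object (modelled here by a placeholder object).
    static Map<String, Object> baseContext() {
        Map<String, Object> ctx = new LinkedHashMap<>();
        ctx.put("response", new Object() {
            @Override public String toString() { return "<HttpServletResponse stand-in>"; }
        });
        return ctx;
    }

    public static void main(String[] args) {
        // Constructed JARM-style message: one "response" parameter carrying a JWT.
        Map<String, String> jarm = Map.of("response", "constructed.jwt.value");

        // In this model the servlet response binding is overwritten:
        // $response in the template would now resolve to the JWT string.
        Map<String, Object> before = populateUnprefixed(baseContext(), jarm);
        System.out.println("unprefixed $response is a String: "
                + (before.get("response") instanceof String));

        // With the prefix both values coexist under distinct keys.
        Map<String, Object> after = populatePrefixed(baseContext(), jarm);
        System.out.println("prefixed $response: " + after.get("response"));
        System.out.println("prefixed $" + PREFIX + "response: " + after.get(PREFIX + "response"));
    }
}
```

With prefixed keys the template has to emit the original parameter name (without the prefix) as the form field name, so the posted response stays unchanged for the client.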