Remove client config usage for response types whitelist authgear#3813

IniZio · Mar 4, 2024 · 3cc8270 · 3cc8270
1 parent 4e7b9b0
commit 3cc8270
Showing 1 changed file with 3 additions and 9 deletions.
diff --git a/pkg/lib/oauth/handler/handler_authz.go b/pkg/lib/oauth/handler/handler_authz.go
@@ -31,9 +31,9 @@ const (
 	SettingsActonResponseType = "urn:authgear:params:oauth:response-type:settings-action"
 )
 
-// whiteslistedResponseTypes is a list of response types that would be always allowed
+// whitelistedResponseTypes is a list of response types that would be always allowed
 // to all clients.
-var whiteslistedResponseTypes = []string{
+var whitelistedResponseTypes = []string{
 	CodeResponseType,
 	NoneResponseType,
 	SettingsActonResponseType,
@@ -566,14 +566,8 @@ func (h *AuthorizationHandler) validateRequest(
 	client *config.OAuthClientConfig,
 	r protocol.AuthorizationRequest,
 ) error {
-	allowedResponseTypes := client.ResponseTypes
-	if len(allowedResponseTypes) == 0 {
-		allowedResponseTypes = []string{"code"}
-	}
-	allowedResponseTypes = append(allowedResponseTypes, whiteslistedResponseTypes...)
-
 	ok := false
-	for _, respType := range allowedResponseTypes {
+	for _, respType := range whitelistedResponseTypes {
 		if respType == r.ResponseType() {
 			ok = true
 			break