From 6bf810f9178e1b4bbe56d61c141d0aa39f7ef02f Mon Sep 17 00:00:00 2001
From: Newman Chow
Date: Mon, 4 Mar 2024 15:05:08 +0800
Subject: [PATCH] Remove client config usage for response types whitelist #3813
---
 pkg/lib/oauth/handler/handler_authz.go | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/pkg/lib/oauth/handler/handler_authz.go b/pkg/lib/oauth/handler/handler_authz.go
index 0564b8eeea..cc10580890 100644
--- a/pkg/lib/oauth/handler/handler_authz.go
+++ b/pkg/lib/oauth/handler/handler_authz.go
@@ -31,9 +31,9 @@ const (
 SettingsActonResponseType = "urn:authgear:params:oauth:response-type:settings-action"
 )
 
-// whiteslistedResponseTypes is a list of response types that would be always allowed
+// whitelistedResponseTypes is a list of response types that would be always allowed
 // to all clients.
-var whiteslistedResponseTypes = []string{
+var whitelistedResponseTypes = []string{
 CodeResponseType,
 NoneResponseType,
 SettingsActonResponseType,
@@ -566,14 +566,8 @@ func (h *AuthorizationHandler) validateRequest(
 client *config.OAuthClientConfig,
 r protocol.AuthorizationRequest,
 ) error {
- allowedResponseTypes := client.ResponseTypes
- if len(allowedResponseTypes) == 0 {
- allowedResponseTypes = []string{"code"}
- }
- allowedResponseTypes = append(allowedResponseTypes, whiteslistedResponseTypes...)
-
 ok := false
- for _, respType := range allowedResponseTypes {
+ for _, respType := range whitelistedResponseTypes {
 if respType == r.ResponseType() {
 ok = true
 break
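Review bot: The doc comment on `whitelistedResponseTypes` still says these types are "always allowed to all clients", but after the second hunk the loop in validateRequest checks `r.ResponseType()` against this slice only, so it is now the complete allowlist and `client.ResponseTypes` has no effect here. I would reword the comment to `// whitelistedResponseTypes is the complete set of response types accepted from any client; per-client ResponseTypes configuration is not consulted.` If `ResponseTypes` is still accepted in client configuration (not visible in this patch), it is worth deprecating or rejecting it at config validation, so operators do not assume a per-client restriction is being enforced. The body of validateRequest continues past the end of the hunk, so whether `client` is still used there cannot be seen from here.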