From a37f542e60cc6ea9a17abb112b4df73aad94226d Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Fri, 6 Aug 2021 13:55:45 +0200
Subject: [PATCH] set the response_{modes,types}_supported fields in the discovery document
---
 .../src/handlers/oauth2/discovery.rs | 29 +++++++++++++++++--
 oauth2-types/src/oidc.rs | 4 +--
 2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/matrix-authentication-service/src/handlers/oauth2/discovery.rs b/matrix-authentication-service/src/handlers/oauth2/discovery.rs
index ac4254c0c..0d5a5107e 100644
--- a/matrix-authentication-service/src/handlers/oauth2/discovery.rs
+++ b/matrix-authentication-service/src/handlers/oauth2/discovery.rs
@@ -12,7 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-use oauth2_types::oidc::Metadata;
+use std::collections::HashSet;
+
+use oauth2_types::{oidc::Metadata, requests::ResponseMode};
 use warp::{Filter, Rejection, Reply};
 use crate::config::OAuth2Config;
@@ -21,6 +23,27 @@ pub(super) fn filter(
 config: &OAuth2Config,
 ) -> impl Filter + Clone + Send + Sync + 'static {
 let base = config.issuer.clone();
+
+ let response_modes_supported = Some({
+ let mut s = HashSet::new();
+ s.insert(ResponseMode::FormPost);
+ s.insert(ResponseMode::Query);
+ s.insert(ResponseMode::Fragment);
+ s
+ });
+
+ let response_types_supported = Some({
+ let mut s = HashSet::new();
+ s.insert("code".to_string());
+ s.insert("token".to_string());
+ s.insert("id_token".to_string());
+ s.insert("code token".to_string());
+ s.insert("code id_token".to_string());
+ s.insert("token id_token".to_string());
+ s.insert("code token id_token".to_string());
+ s
+ });
+
 let metadata = Metadata {
 authorization_endpoint: base.join("oauth2/authorize").ok(),
 token_endpoint: base.join("oauth2/token").ok(),
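Review bot: The `response_types_supported` set added to `filter` in discovery.rs advertises every implicit and hybrid combination (`token`, `id_token`, `code token`, …) as hard-coded strings, and nothing visible in this hunk ties that list to what the authorization endpoint actually accepts. Returning access tokens in the front channel is discouraged by the OAuth 2.0 Security Best Current Practice (RFC 9700), so I would advertise only the response types the handler implements and needs, ideally from a constant shared with that handler, and start from `s.insert("code".to_string());` alone if the others are not wired up yet. Because all three response modes are advertised too, the authorization handler has to refuse `response_mode=query` for any token-bearing response type; a comment such as `// Advertised values must match what the authorization endpoint enforces; never return tokens with response_mode=query.` above the two sets would record that. `filter` begins before this hunk and continues after it.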
@@ -28,8 +51,8 @@ pub(super) fn filter(
 issuer: base,
 registration_endpoint: None,
 scopes_supported: None,
- response_types_supported: None,
- response_modes_supported: None,
+ response_types_supported,
+ response_modes_supported,
 grant_types_supported: None,
 code_challenge_methods_supported: None,
 };
diff --git a/oauth2-types/src/oidc.rs b/oauth2-types/src/oidc.rs
index f991c82f6..cf78a168e 100644
--- a/oauth2-types/src/oidc.rs
+++ b/oauth2-types/src/oidc.rs
@@ -20,7 +20,7 @@ use url::Url;
 use crate::{
 pkce::CodeChallengeMethod,
- requests::{GrantType, ResponseMode, ResponseType},
+ requests::{GrantType, ResponseMode},
 };
 // TODO: https://datatracker.ietf.org/doc/html/rfc8414#section-2
@@ -50,7 +50,7 @@ pub struct Metadata {
 /// JSON array containing a list of the OAuth 2.0 "response_type" values
 /// that this authorization server supports.
- pub response_types_supported: Option>,
+ pub response_types_supported: Option>,
 /// JSON array containing a list of the OAuth 2.0 "response_mode" values
 /// that this authorization server supports, as specified in "OAuth 2.0
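Review bot: `grant_types_supported` and `code_challenge_methods_supported` are still `None` in the `Metadata` literal of `filter` (discovery.rs, the `@@ -28,8 +51,8 @@` hunk) although the document now advertises implicit and hybrid response types. If `None` is serialized as an omitted field, RFC 8414 makes clients assume the default grant types `["authorization_code", "implicit"]` and conclude that PKCE is not supported, so a client that follows discovery may skip `code_challenge` altogether. I would populate both fields with what the token endpoint really implements, or at least leave `// TODO: set grant_types_supported and code_challenge_methods_supported; RFC 8414 defaults apply while these are None` next to them. The `Metadata` literal starts in the previous hunk.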
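Review bot: The `response_types_supported` field of `Metadata` in oauth2-types/src/oidc.rs no longer uses `ResponseType` (its import is removed in the hunk above, and discovery.rs now inserts plain strings; the generic parameters themselves are not visible on this page), so a misspelt value or a reordered pair such as `"token code"` next to `"code token"` is no longer caught by the type system. If the typed form cannot express combinations, the doc comment should say what a valid entry is, e.g. `/// Each entry is one space-separated response_type combination, e.g. "code id_token".` The `Metadata` struct starts before this hunk and continues after it.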