From 366cbbbac9dcce13a7980cf4dba58bf71719c2c2 Mon Sep 17 00:00:00 2001
From: Marcell Mars
Date: Wed, 20 Nov 2024 12:05:28 +0100
Subject: [PATCH] add POST to /userinfo - from OpenID Core: - 5.3. Userinfo Endpoint: - The UserInfo Endpoint MUST support the use of the HTTP GET and HTTP POST methods - 5.3.1. Userinfo Request: - It is RECOMMENDED that the request use the HTTP GET method and the Access Token be sent using the Authorization header field. - minio sends POST request ignoring the recommendation
---
 routers/web/web.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/routers/web/web.go b/routers/web/web.go
index 137c67730652d..b96d06ed66eb6 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -561,7 +561,7 @@ func registerRoutes(m *web.Router) {
 m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 }, optSignInIgnoreCsrf, reqSignIn)

- m.Methods("GET, OPTIONS", "/userinfo", optionsCorsHandler(), optSignInIgnoreCsrf, auth.InfoOAuth)
+ m.Methods("GET, POST, OPTIONS", "/userinfo", optionsCorsHandler(), optSignInIgnoreCsrf, auth.InfoOAuth)
 m.Methods("POST, OPTIONS", "/access_token", optionsCorsHandler(), web.Bind(forms.AccessTokenForm{}), optSignInIgnoreCsrf, auth.AccessTokenOAuth)
 m.Methods("GET, OPTIONS", "/keys", optionsCorsHandler(), optSignInIgnoreCsrf, auth.OIDCKeys)
 m.Methods("POST, OPTIONS", "/introspect", optionsCorsHandler(), web.Bind(forms.IntrospectTokenForm{}), optSignInIgnoreCsrf, auth.IntrospectOAuth)
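Review bot: The new POST on `/userinfo` keeps `optSignInIgnoreCsrf`, so POST requests reach `auth.InfoOAuth` with CSRF checks skipped; that is only sound if the handler, which is outside this hunk, authenticates by OAuth2 access token alone and rejects a request that carries just a session cookie. RFC 6750 section 2.2, which OIDC Core 5.3.1 relies on for bearer token usage, also lets a POST client send the token as a form-encoded body parameter, and nothing visible here shows whether that is read for this route (unlike `/access_token` and `/introspect`, no `web.Bind` is attached), so a POST without the Authorization header may still be answered with 401. I would add a comment above the changed line, `// OIDC Core 5.3 requires GET and POST; InfoOAuth must accept bearer-token auth only, since CSRF checks are skipped here`, and an integration test that POSTs to the endpoint with a bearer token and once with only a session cookie. `registerRoutes` starts and ends outside the hunk.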