feat(oidc): implicit consent (#4080)

This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.

1 files changed, 6 insertions, 6 deletions

diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go
index 304339ed6..a0ef56858 100644
--- a/internal/handlers/handler_verify_test.go
+++ b/internal/handlers/handler_verify_test.go
@@ -851,7 +851,7 @@ func TestShouldRedirectWhenSessionInactiveForTooLongAndRDParamProvided(t *testin
 	err := mock.Ctx.SaveSession(userSession)
 	require.NoError(t, err)
 
-	mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+	mock.Ctx.QueryArgs().Add(queryArgRD, "https://login.example.com")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
@@ -870,7 +870,7 @@ func TestShouldRedirectWithCorrectStatusCodeBasedOnRequestMethod(t *testing.T) {
 	mock := mocks.NewMockAutheliaCtx(t)
 	defer mock.Close()
 
-	mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+	mock.Ctx.QueryArgs().Add(queryArgRD, "https://login.example.com")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
@@ -881,7 +881,7 @@ func TestShouldRedirectWithCorrectStatusCodeBasedOnRequestMethod(t *testing.T) {
 		string(mock.Ctx.Response.Body()))
 	assert.Equal(t, 302, mock.Ctx.Response.StatusCode())
 
-	mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+	mock.Ctx.QueryArgs().Add(queryArgRD, "https://login.example.com")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "POST")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
@@ -1449,7 +1449,7 @@ func TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong(t *testing.
 	require.NoError(t, err)
 
 	// Should respond 200 OK.
-	mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+	mock.Ctx.QueryArgs().Add(queryArgRD, "https://login.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
@@ -1458,7 +1458,7 @@ func TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong(t *testing.
 	assert.Nil(t, mock.Ctx.Response.Header.Peek("Location"))
 
 	// Should respond 302 Found.
-	mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+	mock.Ctx.QueryArgs().Add(queryArgRD, "https://login.example.com")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
@@ -1467,7 +1467,7 @@ func TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong(t *testing.
 	assert.Equal(t, "https://login.example.com/?rd=https%3A%2F%2Ftwo-factor.example.com&rm=GET", string(mock.Ctx.Response.Header.Peek("Location")))
 
 	// Should respond 401 Unauthorized.
-	mock.Ctx.QueryArgs().Del("rd")
+	mock.Ctx.QueryArgs().Del(queryArgRD)
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
 	mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
 	mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")