Fix authorize handler

apozohue10 · apozohue10 · commit 0e1328d50e0c · 2020-06-24T15:59:23.000+02:00
diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js
@@ -620,11 +620,22 @@ AuthorizeHandler.prototype.getClient = function(request) {
         throw new InvalidClientError('Invalid client: missing client `grants`');
       }
 
-      if (request.query.response_type === 'code' && !_.includes(client.grants, 'authorization_code')) {
+      let responseTypeTemp = request.query.response_type.split(' ');
+
+
+      if (responseTypeTemp.includes('code') && !_.includes(client.grants, 'authorization_code')) {
+        throw new UnauthorizedClientError('Unsupported grant type: `grant_type` is invalid');
+      }
+
+      if (responseTypeTemp.includes('token') && !_.includes(client.grants, 'implicit')) {
+        throw new UnauthorizedClientError('Unsupported grant type: `grant_type` is invalid');
+      }
+
+      if (responseTypeTemp.includes('id_token') && !_.includes(client.response_types, 'id_token')) {
         throw new UnauthorizedClientError('Unsupported grant type: `grant_type` is invalid');
       }
 
-      if (request.query.response_type === 'token' && !_.includes(client.grants, 'implicit')) {
+      if ((responseTypeTemp.includes('code') && responseTypeTemp.length > 1) && !_.includes(client.grants, 'hybrid')) {
         throw new UnauthorizedClientError('Unsupported grant type: `grant_type` is invalid');
       }
 
