From 08033bb9ad17d46eec0f603281ee2e66f6946507 Mon Sep 17 00:00:00 2001
From: Wojciech Bartosiak <wojtek-fliposports@users.noreply.github.com>
Date: Tue, 8 Mar 2016 13:21:55 +0000
Subject: [PATCH] Fix missing verification of response type for client

---
 oidc_provider/lib/endpoints/authorize.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
index e75dfe8..f571c81 100644
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@@ -76,6 +76,10 @@ class AuthorizeEndpoint(object):
             raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
                 self.grant_type)
 
+        if self.is_authentication and self.params.response_type != self.client.response_type:
+            raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
+                self.grant_type)
+                
         clean_redirect_uri = urlsplit(self.params.redirect_uri)
         clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
         if not (clean_redirect_uri in self.client.redirect_uris):