From 8084d31457f5ee065ea67d0823bd6ff836098d0c Mon Sep 17 00:00:00 2001
From: Toni Iltanen
Date: Fri, 10 Nov 2017 18:58:47 +0200
Subject: [PATCH 1/2] added query parameters to access_token query client_id and client_secret added to support client_secret_post based auth on token request
---
 app/models/oic_session.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb
index 952fc55..2a5f7c2 100644
--- a/app/models/oic_session.rb
+++ b/app/models/oic_session.rb
@@ -184,6 +184,8 @@ def access_token_query
 'scope' => 'openid profile email user_name',
 'id_token' => id_token,
 'redirect_uri' => "#{host_name}/oic/local_login",
+ 'client_id' => client_config['client_id'],
+ 'client_secret' => client_config['client_secret'],
 }
 end
From 9acec8d823e01a9bcb5cb912e934e013f28348d7 Mon Sep 17 00:00:00 2001
From: Toni Iltanen
Date: Fri, 10 Nov 2017 19:02:57 +0200
Subject: [PATCH 2/2] Removed unneeded values from token query id_token and scope are not valid variables in access token query. (https://connect2id.com/learn/openid-connect codeflow step2)
---
 app/models/oic_session.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb
index 2a5f7c2..d7e3029 100644
--- a/app/models/oic_session.rb
+++ b/app/models/oic_session.rb
@@ -181,8 +181,6 @@ def access_token_query
 query = {
 'grant_type' => 'authorization_code',
 'code' => code,
- 'scope' => 'openid profile email user_name',
- 'id_token' => id_token,
 'redirect_uri' => "#{host_name}/oic/local_login",
 'client_id' => client_config['client_id'],
 'client_secret' => client_config['client_secret'],
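Review bot: The `'client_id'` / `'client_secret'` entries added in the first patch's hunk put the client secret into a hash named `query`, and the code that sends this hash is outside the hunk, so it is not visible whether it goes out in the form-encoded POST body or in the request URI. RFC 6749 section 2.3.1 permits client credentials as parameters only in the request body, never in the URI, where they would be recorded in proxy and server access logs; the caller should be checked for that and for any logging of this hash. The secret is also sent unconditionally, so if the token request already carries HTTP Basic credentials it would use two client authentication methods at once, which the same section forbids. I would make the pair conditional on the configured authentication method and add a comment above them such as `# client_secret_post: sent in the form-encoded body only; never log this hash`.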