From 64713846769da395f8ebc5d6f97f2d4b6d7a0e48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Mon, 5 Feb 2018 15:34:47 +0100
Subject: [PATCH] Remove built-in support for the none flow

---
 .../OpenIddictProvider.Authentication.cs | 5 ++---
 .../OpenIddictProviderTests.Authentication.cs | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/OpenIddict/OpenIddictProvider.Authentication.cs b/src/OpenIddict/OpenIddictProvider.Authentication.cs
index 47c52c3d..1028bd6d 100644
--- a/src/OpenIddict/OpenIddictProvider.Authentication.cs
+++ b/src/OpenIddict/OpenIddictProvider.Authentication.cs
@@ -112,9 +112,8 @@ namespace OpenIddict
 var options = (OpenIddictOptions) context.Options;
 
 // Note: the OpenID Connect server middleware supports authorization code, implicit, hybrid,
- // none and custom flows but OpenIddict uses a stricter policy rejecting unknown flows.
- if (!context.Request.IsAuthorizationCodeFlow() && !context.Request.IsHybridFlow() &&
- !context.Request.IsImplicitFlow() && !context.Request.IsNoneFlow())
+ // none and custom flows but OpenIddict uses a stricter policy rejecting none and custum flows.
+ if (!context.Request.IsAuthorizationCodeFlow() && !context.Request.IsHybridFlow() && !context.Request.IsImplicitFlow())
 {
 Logger.LogError("The authorization request was rejected because the '{ResponseType}' " +
 "response type is not supported.", context.Request.ResponseType);
diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs
index fba20152..eecc7ebc 100644
--- a/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs
+++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs
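Review bot: The replacement comment on the `+ // none and custom flows …` line misspells `custum` and understates what the condition below now enforces: once `IsNoneFlow()` is dropped, anything that is not code, hybrid or implicit is rejected, including unrecognized or malformed response_type values, not only the none and custom flows. Suggest `// none and custom flows but OpenIddict uses a stricter policy rejecting none, custom and unknown flows.` so the comment matches the check. The error path logs the client-supplied response_type through a structured template parameter rather than string concatenation, which is fine as written. The enclosing method starts and ends outside the hunk.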
@@ -114,6 +114,27 @@ namespace OpenIddict.Tests Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } + [Fact] + public async Task ValidateAuthorizationRequest_NoneFlowIsRejected() + { + // Arrange + var server = CreateAuthorizationServer(); + + var client = new OpenIdConnectClient(server.CreateClient()); + + // Act + var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest + { + ClientId = "Fabrikam", + RedirectUri = "http://www.fabrikam.com/path", + ResponseType = OpenIdConnectConstants.ResponseTypes.None + }); + + // Assert + Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); + } + [Fact] public async Task ValidateAuthorizationRequest_UnknownResponseTypeParameterIsRejected() {
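Review bot: The new test pins only the literal `none` value, so it does not show that the stricter policy also rejects a composite response_type such as `code none`, which the OIDC multiple-response-type rules forbid; whether the new `if` in OpenIddictProvider.Authentication.cs lets such a value through depends on how `IsAuthorizationCodeFlow()` matches, and that helper is not visible here, so this is a guess worth pinning either way. Turning the `[Fact]` into a `[Theory]` over both values costs little and documents the intent; the arrange step and both assertions stay exactly as they are.
```csharp
[Theory]
[InlineData("none")]
[InlineData("code none")]
public async Task ValidateAuthorizationRequest_NoneFlowIsRejected(string responseType)
{
    // … unchanged: arrange, PostAsync with ClientId / RedirectUri …
            ResponseType = responseType
    // … unchanged: assertions …
}
```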