From 5240140a9667808590fd8f261bd3ced2e5e34bfd Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Fri, 7 Sep 2018 14:52:00 -0400
Subject: [PATCH] Add support for POST calls to OIDC endpoints

---
 endpoints/oauth/login.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/endpoints/oauth/login.py b/endpoints/oauth/login.py
index 2a0ade3af..3987b2fea 100644
--- a/endpoints/oauth/login.py
+++ b/endpoints/oauth/login.py
@@ -182,12 +182,12 @@ def _register_service(login_service):
   @oauthlogin_csrf_protect
   def callback_func():
     # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
     if error:
       return _render_ologin_error(login_service.service_name(), error)
 
     # Exchange the OAuth code for login information.
-    code = request.args.get('code')
+    code = request.values.get('code')
     try:
       lid, lusername, lemail = login_service.exchange_code_for_login(app.config, client, code, '')
     except OAuthLoginException as ole:
@@ -217,12 +217,12 @@ def _register_service(login_service):
   @oauthlogin_csrf_protect
   def attach_func():
     # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
     if error:
       return _render_ologin_error(login_service.service_name(), error)
 
     # Exchange the OAuth code for login information.
-    code = request.args.get('code')
+    code = request.values.get('code')
     try:
       lid, lusername, _ = login_service.exchange_code_for_login(app.config, client, code, '/attach')
     except OAuthLoginException as ole:
@@ -258,12 +258,12 @@ def _register_service(login_service):
   @oauthlogin_csrf_protect
   def cli_token_func():
     # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
     if error:
       return _render_ologin_error(login_service.service_name(), error)
 
     # Exchange the OAuth code for the ID token.
-    code = request.args.get('code')
+    code = request.values.get('code')
     try:
       idtoken, _ = login_service.exchange_code_for_tokens(app.config, client, code, '/cli')
     except OAuthLoginException as ole:
@@ -281,17 +281,17 @@ def _register_service(login_service):
   oauthlogin.add_url_rule('/%s/callback' % login_service.service_id(),
                           '%s_oauth_callback' % login_service.service_id(),
                           callback_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])
 
   oauthlogin.add_url_rule('/%s/callback/attach' % login_service.service_id(),
                           '%s_oauth_attach' % login_service.service_id(),
                           attach_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])
 
   oauthlogin.add_url_rule('/%s/callback/cli' % login_service.service_id(),
                           '%s_oauth_cli' % login_service.service_id(),
                           cli_token_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])
 
 # Register the routes for each of the login services.
 for current_service in oauth_login.services: