Taking the OAuth 2.0 spec, there is no response_mode=form_post - so is this a custom/special implementation by OpenID? Could not find anything with a quick search.
However, a general possible solution I could suggest would be to implement a custom PSR-15 middleware [1] and register it early in the stack (before the TYPO3 core handling / token validation takes place). In this middleware, check whether it is the OpenID response callback along with the query argument (response_mode=query), as the fragment mode is not reasonable (fragments are only browser information and are not transferred to the server / web server).
Following is an example middleware to demonstrate this in a pseudo way (not tested); put it into your extension at my_ext/Classes/Middleware/CustomBackendMiddleware.php:
<?php

namespace MyVendor\MyExtension\Middleware;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Core\Security\RequestToken;

final class CustomBackendMiddleware implements MiddlewareInterface
{
    /**
     * Turn the OpenID callback request (token passed as a query
     * argument) into a POST request that carries the token in the
     * request-token header, then continue with the middleware stack.
     */
    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {
        // @todo harden the check if it is the correct url/arguments
        // following is only example code for demonstration purpose
        $openIdResponseToken = $request
            ->getQueryParams()['openid_token_query_argument_name'] ?? null;
        if ($openIdResponseToken === null) {
            // nothing to do, continue normal stack
            return $handler->handle($request);
        }
        $request = $request
            ->withMethod('POST')
            ->withHeader(RequestToken::HEADER_NAME, $openIdResponseToken)
        ;
        // check/migrate/reset additional headers, data or transform to
        // a valid post request etc. if required.
        // NOTE: Depending on where in the middleware stack this middleware
        // is registered, we need to update the global request.
        if (($GLOBALS['TYPO3_REQUEST'] ?? null) instanceof ServerRequestInterface) {
            $GLOBALS['TYPO3_REQUEST'] = $request;
        }
        // continue stack with manipulated request
        return $handler->handle($request);
    }
}
Then, in your extension's Configuration/RequestMiddlewares.php, you need to register the middleware:
<?php

return [
    'backend' => [
        'my-vendor/backend-oauth-service-request-transformator' => [
            'target' => \MyVendor\MyExtension\Middleware\CustomBackendMiddleware::class,
            'after' => [
                'typo3/cms-backend/locked-backend',
            ],
            'before' => [
                'typo3/cms-core/request-token-middleware',
            ],
        ],
    ],
];
But I guess that you want to fully establish the sign-in, which would involve more than that, I guess. TBH - I never messed around with user authentication providers.
However, besides some extensions targeting FE user sign-in, there is also an extension targeting backend OpenID sign-in - and it has done so for a long time already. So, instead of implementing the stuff yourself, you may want to install and evaluate that extension first - or at least look into the code to see how they are doing it, adopt the parts you need and adjust them to your requirements. [1][2]
NOTE: This is not a suggestion of what to use or not - it's just some findings. Please search the TYPO3 Extension Repository yourself for alternative and suitable extensions. [3]