Merge pull request #601 from ericchiang/dev-allow-extra-space-in-scopes
server: allow extra spaces in scopes
This commit is contained in:
commit
13554ee735
3 changed files with 30 additions and 2 deletions
|
@ -537,7 +537,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
|
|||
|
||||
scopes := refresh.Scopes
|
||||
if scope != "" {
|
||||
requestedScopes := strings.Split(scope, " ")
|
||||
requestedScopes := strings.Fields(scope)
|
||||
var unauthorizedScopes []string
|
||||
|
||||
for _, s := range requestedScopes {
|
||||
|
|
|
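Review bot: With `requestedScopes := strings.Fields(scope)`, a scope value that is non-empty but all whitespace still passes the `if scope != "" {` guard yet yields an empty `requestedScopes`, so nothing can land in `unauthorizedScopes`; if the code after the hunk then narrows the token to `requestedScopes`, such a request silently produces a token with no scopes rather than the original ones or an error, whereas under `strings.Split` the empty-string entries presumably fell into `unauthorizedScopes`. Tightening the guard to `if strings.TrimSpace(scope) != "" {` keeps the omitted-scope path for that input, or reject `len(requestedScopes) == 0` explicitly. The same shift applies to `parseAuthorizationRequest` in the next hunk, where an absent or blank scope parameter now yields an empty slice instead of `[""]`; confirm the code after that hunk still rejects an empty scope set. handleRefreshToken's body continues outside the hunk.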
@ -213,7 +213,7 @@ func parseAuthorizationRequest(s storage.Storage, supportedResponseTypes map[str
|
|||
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
|
||||
}
|
||||
|
||||
scopes := strings.Split(r.Form.Get("scope"), " ")
|
||||
scopes := strings.Fields(r.Form.Get("scope"))
|
||||
|
||||
var (
|
||||
unrecognized []string
|
||||
|
|
|
@ -195,6 +195,34 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
return nil
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "refresh with extra spaces",
|
||||
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
|
||||
v := url.Values{}
|
||||
v.Add("client_id", clientID)
|
||||
v.Add("client_secret", clientSecret)
|
||||
v.Add("grant_type", "refresh_token")
|
||||
v.Add("refresh_token", token.RefreshToken)
|
||||
|
||||
// go-oidc adds an additional space before scopes when refreshing.
|
||||
// Since we support that client we choose to be more relaxed about
|
||||
// scope parsing, disregarding extra whitespace.
|
||||
v.Add("scope", " "+strings.Join(requestedScopes, " "))
|
||||
resp, err := http.PostForm(p.TokenURL, v)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
dump, err := httputil.DumpResponse(resp, true)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return fmt.Errorf("unexpected response: %s", dump)
|
||||
}
|
||||
return nil
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "refresh with unauthorized scopes",
|
||||
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
|
||||
|
|
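Review bot: The new "refresh with extra spaces" case only asserts a 200 status; it never inspects the scopes on the returned token, so a regression in which the relaxed parsing returns a token with fewer scopes than `requestedScopes` would still pass, and the whitespace-only input (`" "`) that `strings.Fields` turns into an empty set is not exercised at all. Decoding the token response and comparing its scope set against `requestedScopes`, plus a second case sending a blank scope and expecting a non-200 response, would pin the intended behaviour. Separately, `panic(err)` after `httputil.DumpResponse` is inconsistent with the `return err` used earlier in the same handler; `return err` keeps the failure inside the test case. The enclosing test table continues outside the hunk.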