Merge pull request #601 from ericchiang/dev-allow-extra-space-in-scopes
server: allow extra spaces in scopes
commit
13554ee735
3 changed files with 30 additions and 2 deletions
@ -537,7 +537,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
scopes := refresh.Scopes
scopes := refresh.Scopes
if scope != "" {
if scope != "" {
requestedScopes := strings.Split(scope, " ")
requestedScopes := strings.Fields(scope)
var unauthorizedScopes []string
var unauthorizedScopes []string
for _, s := range requestedScopes {
for _, s := range requestedScopes {
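Review bot: The new `requestedScopes := strings.Fields(scope)` line can yield an empty slice while the `if scope != ""` guard above it still passes (a scope value of a single space, for example), so the branch runs as if scopes were requested when none were; if the code after this loop, outside the hunk, replaces `scopes` with `requestedScopes`, a whitespace-only value would silently narrow the refreshed token to no scopes instead of keeping `refresh.Scopes`. Splitting before the guard closes that gap: `requestedScopes := strings.Fields(scope)` followed by `if len(requestedScopes) != 0 {`. Note also that Fields splits on every Unicode white-space rune, which is broader than the single %x20 delimiter RFC 6749 §3.3 specifies and than go-oidc's leading-space quirk needs; if that leniency is intended, say so in a comment such as `// Fields, not Split: tolerate leading/trailing/repeated whitespace (go-oidc prefixes a space on refresh).` handleRefreshToken starts and continues outside this hunk.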
@ -213,7 +213,7 @@ func parseAuthorizationRequest(s storage.Storage, supportedResponseTypes map[str
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
}
}
scopes := strings.Split(r.Form.Get("scope"), " ")
scopes := strings.Fields(r.Form.Get("scope"))
var (
var (
unrecognized []string
unrecognized []string
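Review bot: The handling of an absent or empty `scope` parameter changes at the new `scopes := strings.Fields(r.Form.Get("scope"))` line and nothing in the hunk covers it: `strings.Split("", " ")` produced `[""]`, which the unrecognized-scope check below presumably rejected, whereas `strings.Fields("")` yields nil, so whether such a request is still refused now depends on code outside this hunk (a required-`openid` check, if there is one) and deserves a test for a missing scope. Fields also splits on any Unicode white-space rune, not only the %x20 delimiter RFC 6749 §3.3 defines; if that leniency is deliberate, record it: `// Fields rather than Split: tolerate leading/trailing/repeated whitespace (go-oidc sends a leading space on refresh).` Since handleRefreshToken now parses scopes the same way, a shared `parseScopes(s string) []string` helper would keep the two sites from drifting. parseAuthorizationRequest starts and ends outside the hunk.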
@ -195,6 +195,34 @@ func TestOAuth2CodeFlow(t *testing.T) {
return nil
return nil
},
},
},
},
{
name: "refresh with extra spaces",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
v := url.Values{}
v.Add("client_id", clientID)
v.Add("client_secret", clientSecret)
v.Add("grant_type", "refresh_token")
v.Add("refresh_token", token.RefreshToken)
// go-oidc adds an additional space before scopes when refreshing.
// Since we support that client we choose to be more relaxed about
// scope parsing, disregarding extra whitespace.
v.Add("scope", " "+strings.Join(requestedScopes, " "))
resp, err := http.PostForm(p.TokenURL, v)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
dump, err := httputil.DumpResponse(resp, true)
if err != nil {
panic(err)
}
return fmt.Errorf("unexpected response: %s", dump)
}
return nil
},
},
{
{
name: "refresh with unauthorized scopes",
name: "refresh with unauthorized scopes",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
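Review bot: The new "refresh with extra spaces" case only checks for a 200 status, so a server that accepted the request but granted a different scope set (for instance none, if whitespace-only input were ever treated as "no scopes") would still pass; decoding the JSON token response and asserting that the granted scopes, where the response reports them, equal `requestedScopes` would pin the behaviour this commit is about. It also sends a single leading space, while `strings.Fields` now tolerates trailing and repeated separators too, so a value like `" "+strings.Join(requestedScopes, "  ")+" "` would exercise what actually changed. `http.PostForm` ignores the `ctx` the helper receives and uses the default client without a timeout; building the request with `http.NewRequestWithContext(ctx, ...)` and sending it via `http.DefaultClient.Do` keeps the test bounded like the surrounding cases that take `ctx`. The enclosing TestOAuth2CodeFlow table starts and ends outside the hunk.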