server: allow extra spaces in scopes
go-oidc sends an extra space before the list of scopes. This is bad but we have to support it, so we'll be more lenient and ignore duplicated whitespace.
This commit is contained in:
parent
cf8801dcec
commit
2834da443f
3 changed files with 30 additions and 2 deletions
|
@ -537,7 +537,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
|
|||
|
||||
scopes := refresh.Scopes
|
||||
if scope != "" {
|
||||
requestedScopes := strings.Split(scope, " ")
|
||||
requestedScopes := strings.Fields(scope)
|
||||
var unauthorizedScopes []string
|
||||
|
||||
for _, s := range requestedScopes {
|
||||
|
|
|
@ -213,7 +213,7 @@ func parseAuthorizationRequest(s storage.Storage, supportedResponseTypes map[str
|
|||
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
|
||||
}
|
||||
|
||||
scopes := strings.Split(r.Form.Get("scope"), " ")
|
||||
scopes := strings.Fields(r.Form.Get("scope"))
|
||||
|
||||
var (
|
||||
unrecognized []string
|
||||
|
|
|
@ -195,6 +195,34 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
|||
return nil
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "refresh with extra spaces",
|
||||
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
|
||||
v := url.Values{}
|
||||
v.Add("client_id", clientID)
|
||||
v.Add("client_secret", clientSecret)
|
||||
v.Add("grant_type", "refresh_token")
|
||||
v.Add("refresh_token", token.RefreshToken)
|
||||
|
||||
// go-oidc adds an additional space before scopes when refreshing.
|
||||
// Since we support that client we choose to be more relaxed about
|
||||
// scope parsing, disregarding extra whitespace.
|
||||
v.Add("scope", " "+strings.Join(requestedScopes, " "))
|
||||
resp, err := http.PostForm(p.TokenURL, v)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
dump, err := httputil.DumpResponse(resp, true)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return fmt.Errorf("unexpected response: %s", dump)
|
||||
}
|
||||
return nil
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "refresh with unauthorized scopes",
|
||||
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
|
||||
|
|
Reference in a new issue