server: allow extra spaces in scopes

go-oidc sends an extra space before the list of scopes. This is bad
but we have to support it, so we'll be more lenient and ignore
duplicated whitespace.
This commit is contained in:
Eric Chiang 2016-10-12 15:31:01 -07:00
parent cf8801dcec
commit 2834da443f
3 changed files with 30 additions and 2 deletions

View file

@ -537,7 +537,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
scopes := refresh.Scopes scopes := refresh.Scopes
if scope != "" { if scope != "" {
requestedScopes := strings.Split(scope, " ") requestedScopes := strings.Fields(scope)
var unauthorizedScopes []string var unauthorizedScopes []string
for _, s := range requestedScopes { for _, s := range requestedScopes {

View file

@ -213,7 +213,7 @@ func parseAuthorizationRequest(s storage.Storage, supportedResponseTypes map[str
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)} return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
} }
scopes := strings.Split(r.Form.Get("scope"), " ") scopes := strings.Fields(r.Form.Get("scope"))
var ( var (
unrecognized []string unrecognized []string

View file

@ -195,6 +195,34 @@ func TestOAuth2CodeFlow(t *testing.T) {
return nil return nil
}, },
}, },
{
name: "refresh with extra spaces",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
v := url.Values{}
v.Add("client_id", clientID)
v.Add("client_secret", clientSecret)
v.Add("grant_type", "refresh_token")
v.Add("refresh_token", token.RefreshToken)
// go-oidc adds an additional space before scopes when refreshing.
// Since we support that client we choose to be more relaxed about
// scope parsing, disregarding extra whitespace.
v.Add("scope", " "+strings.Join(requestedScopes, " "))
resp, err := http.PostForm(p.TokenURL, v)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
dump, err := httputil.DumpResponse(resp, true)
if err != nil {
panic(err)
}
return fmt.Errorf("unexpected response: %s", dump)
}
return nil
},
},
{ {
name: "refresh with unauthorized scopes", name: "refresh with unauthorized scopes",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error { handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {