mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

server: allow extra spaces in scopes 

go-oidc sends an extra space before the list of scopes. This is bad
but we have to support it, so we'll be more lenient and ignore
duplicated whitespace.
pull/601/head
Eric Chiang 10 years ago
parent
cf8801dcec
commit
2834da443f
3 changed files with 30 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      server/handlers.go
  2. 2
      server/oauth2.go
  3. 28
      server/server_test.go

2
server/handlers.go
Unescape View File

@ -537,7 +537,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
scopes := refresh.Scopes scopes := refresh.Scopes
if scope != "" { if scope != "" {
requestedScopes := strings.Split(scope, " ") requestedScopes := strings.Fields(scope)
var unauthorizedScopes []string var unauthorizedScopes []string
for _, s := range requestedScopes { for _, s := range requestedScopes {

2
server/oauth2.go
Unescape View File

@ -213,7 +213,7 @@ func parseAuthorizationRequest(s storage.Storage, supportedResponseTypes map[str
return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)} return &authErr{state, redirectURI, typ, fmt.Sprintf(format, a...)}
} }
scopes := strings.Split(r.Form.Get("scope"), " ") scopes := strings.Fields(r.Form.Get("scope"))
var ( var (
unrecognized []string unrecognized []string

28
server/server_test.go
Unescape View File

@ -195,6 +195,34 @@ func TestOAuth2CodeFlow(t *testing.T) {
return nil return nil
}, },
}, },
{
name: "refresh with extra spaces",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {
v := url.Values{}
v.Add("client_id", clientID)
v.Add("client_secret", clientSecret)
v.Add("grant_type", "refresh_token")
v.Add("refresh_token", token.RefreshToken)
// go-oidc adds an additional space before scopes when refreshing.
// Since we support that client we choose to be more relaxed about
// scope parsing, disregarding extra whitespace.
v.Add("scope", " "+strings.Join(requestedScopes, " "))
resp, err := http.PostForm(p.TokenURL, v)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
dump, err := httputil.DumpResponse(resp, true)
if err != nil {
panic(err)
}
return fmt.Errorf("unexpected response: %s", dump)
}
return nil
},
},
{ {
name: "refresh with unauthorized scopes", name: "refresh with unauthorized scopes",
handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error { handleToken: func(ctx context.Context, p *oidc.Provider, config *oauth2.Config, token *oauth2.Token) error {

Write Preview
Loading…
Cancel
Save