
Commit ad4d764

committed
Fixes #238
Backward compatibility for comma-separated Scope. See also https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/445
1 parent b071e88 commit ad4d764


3 files changed

+23
-1
lines changed


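--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
 
 <groupId>org.openconext</groupId>
 <artifactId>oidcng</artifactId>
-<version>8.0.0</version>
+<version>8.0.1</version>
 <name>oidcng</name>
 
 <dependencyManagement>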

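--- a/src/main/java/oidc/endpoints/AuthorizationEndpoint.java
+++ b/src/main/java/oidc/endpoints/AuthorizationEndpoint.java
@@ -416,7 +416,13 @@ private static String unsupportedPromptValue(String prompt) {
 
 public static List<String> validateScopes(OpenIDClientRepository openIDClientRepository, Scope scope, OpenIDClient client) {
 List<String> requestedScopes = scope != null ? scope.toStringList() : Collections.emptyList();
+if (requestedScopes.stream().anyMatch(s -> s.contains(","))) {
+//backward compatibility with old scope comma separated scopes
+requestedScopes = requestedScopes.stream()
+.flatMap(s -> Arrays.stream(s.split(",")))
+.toList();
 
+}
 List<String> allowedResourceServers = client.getAllowedResourceServers();
 List<String> grantedScopes = new ArrayList<>();
 if (!CollectionUtils.isEmpty(allowedResourceServers)) {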

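--- a/src/test/java/oidc/endpoints/AuthorizationEndpointUnitTest.java
+++ b/src/test/java/oidc/endpoints/AuthorizationEndpointUnitTest.java
@@ -52,6 +52,21 @@ public void validateScope() {
 doValidateScope("open_id", "open_id", "authorization_code");
 }
 
+@Test
+public void validateScopesForFree() {
+doValidateScope("custom", "openid offline_access email profile phone", "authorization_code", "refresh_token");
+}
+
+@Test
+public void validateScopesForFreeWrongFormat() {
+doValidateScope("custom", "openid,offline_access,email,profile,phone", "authorization_code", "refresh_token");
+}
+
+@Test
+public void validateScopesForFreeWrongFormatSpaces() {
+doValidateScope("custom", "openid, offline_access, email, profile, phone", "authorization_code", "refresh_token");
+}
+
 @Test
 public void validateScopeOfflineAccess() {
 doValidateScope("open_id", "open_id offline_access", "authorization_code", "refresh_token");
@@ -170,6 +185,7 @@ private void doValidateScope(String clientScope, String requestResponseScope, St
 OpenIDClientRepository openIDClientRepository = mock(OpenIDClientRepository.class);
 when(openIDClientRepository.findByClientIdIn(null))
 .thenReturn(Collections.singletonList(client));
+requestResponseScope = requestResponseScope.replaceAll(",", " ");
 Scope scope = Scope.parse(requestResponseScope);
 List<String> scopes = AuthorizationEndpoint.validateScopes(openIDClientRepository, scope, client);
 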