improve ValidateAuthReqScopes

Livio Amstutz 2020-10-15 14:02:53 +02:00
parent ed33332dce
commit 5cc884766e


@ -111,22 +111,22 @@ func ValidateAuthReqScopes(client Client, scopes []string) ([]string, error) {
}
openID := false
for i := len(scopes) - 1; i >= 0; i-- {
switch scopes[i] {
case oidc.ScopeOpenID:
scope := scopes[i]
if scope == oidc.ScopeOpenID {
openID = true
case oidc.ScopeProfile,
oidc.ScopeEmail,
oidc.ScopePhone,
oidc.ScopeAddress,
oidc.ScopeOfflineAccess:
default:
if !utils.Contains(client.AllowedScopes(), scopes[i]) {
continue
}
if !(scope == oidc.ScopeProfile ||
scope == oidc.ScopeEmail ||
scope == oidc.ScopePhone ||
scope == oidc.ScopeAddress ||
scope == oidc.ScopeOfflineAccess) &&
!utils.Contains(client.AllowedScopes(), scope) {
scopes[i] = scopes[len(scopes)-1]
scopes[len(scopes)-1] = ""
scopes = scopes[:len(scopes)-1]
}
}
}
if !openID {
return nil, ErrInvalidRequest("The scope openid is missing in your request. Please ensure the scope openid is added to the request. If you have any questions, you may contact the administrator of the application.")
}
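Review bot: The rewritten condition `!(scope == oidc.ScopeProfile || … || scope == oidc.ScopeOfflineAccess) && !utils.Contains(client.AllowedScopes(), scope)` exempts `oidc.ScopeOfflineAccess` from the client's allowed-scopes check together with the identity scopes, so every client keeps `offline_access` in the validated list no matter how it is configured. Unlike profile or email, that scope governs refresh-token issuance, and nothing in this hunk shows whether the client's eligibility for it is checked elsewhere. Either take it out of the exemption so it falls through to `client.AllowedScopes()`, or record the assumption above the condition, for example `// offline_access is accepted for every client here; refresh-token eligibility must be enforced when tokens are issued`. The negated five-way comparison is also hard to audit at a glance, and a small named predicate for the always-permitted scopes would make the allowlist explicit. ValidateAuthReqScopes begins before this hunk and continues after it, so its return path is not visible here.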