improve ValidateAuthReqScopes
This commit is contained in:
Livio Amstutz
parent
ed33332dce
commit
5cc884766e
1 changed files with 13 additions and 13 deletions
|
|
@ -111,22 +111,22 @@ func ValidateAuthReqScopes(client Client, scopes []string) ([]string, error) {
|
|||
}
|
||||
openID := false
|
||||
for i := len(scopes) - 1; i >= 0; i-- {
|
||||
switch scopes[i] {
|
||||
case oidc.ScopeOpenID:
|
||||
scope := scopes[i]
|
||||
if scope == oidc.ScopeOpenID {
|
||||
openID = true
|
||||
case oidc.ScopeProfile,
|
||||
oidc.ScopeEmail,
|
||||
oidc.ScopePhone,
|
||||
oidc.ScopeAddress,
|
||||
oidc.ScopeOfflineAccess:
|
||||
default:
|
||||
if !utils.Contains(client.AllowedScopes(), scopes[i]) {
|
||||
continue
|
||||
}
|
||||
if !(scope == oidc.ScopeProfile ||
|
||||
scope == oidc.ScopeEmail ||
|
||||
scope == oidc.ScopePhone ||
|
||||
scope == oidc.ScopeAddress ||
|
||||
scope == oidc.ScopeOfflineAccess) &&
|
||||
!utils.Contains(client.AllowedScopes(), scope) {
|
||||
scopes[i] = scopes[len(scopes)-1]
|
||||
scopes[len(scopes)-1] = ""
|
||||
scopes = scopes[:len(scopes)-1]
|
||||
}
|
||||
}
|
||||
}
|
||||
if !openID {
|
||||
return nil, ErrInvalidRequest("The scope openid is missing in your request. Please ensure the scope openid is added to the request. If you have any questions, you may contact the administrator of the application.")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue