github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

don't treat openid scope special here -- by default client gets access to *all* scopes it's registered for

pull/306/merge
Justin Richer 2013-01-30 15:45:21 -05:00
parent 078342715b
commit f9d50db1f1
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
View File

@ -119,12 +119,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope")); Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
if ((scopes == null || scopes.isEmpty())) { if ((scopes == null || scopes.isEmpty())) {
//TODO: do we want to allow default scoping at all? //TODO: do we want to allow default scoping at all?
// If no scopes are specified in the incoming data, it is possible to default to the client's
//registered scopes, but minus the "openid" scope. OpenID Connect requests MUST have the "openid" scope.
Set<String> clientScopes = client.getScope(); Set<String> clientScopes = client.getScope();
if (clientScopes.contains("openid")) {
clientScopes.remove("openid");
}
scopes = clientScopes; scopes = clientScopes;
} }
DefaultAuthorizationRequest request = new DefaultAuthorizationRequest(inputParams, Collections.<String, String> emptyMap(), clientId, scopes); DefaultAuthorizationRequest request = new DefaultAuthorizationRequest(inputParams, Collections.<String, String> emptyMap(), clientId, scopes);