fosite
Need to extend the scope (`openid`) check in the OpenID `CanHandleTokenEndpointRequest`
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
When OAuth2 and OIDC are used together, for plain OAuth2 requests (scope does not include `openid`) the `PopulateTokenEndpointResponse` function (flow_explicit_token.go) should do nothing, but that is not the case.
I think the `CanHandleTokenEndpointRequest` function should be changed to:

```go
// Proposed change: the OIDC explicit handler only claims the request when the
// authorization_code grant is used AND the openid scope was actually granted.
func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool {
	return requester.GetGrantTypes().ExactOne("authorization_code") && requester.GetGrantedScopes().Has("openid")
}
```
Reproducing the bug
The explicit token flow should check that GrantTypes includes `authorization_code` and Scopes includes `openid`.
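To make the gating difference concrete, here is an added, self-contained example (not fosite's own code) that models a request with constructed `Arguments` and `AccessRequest` types mirroring the `ExactOne`/`Has` calls above, and compares a grant-type-only check against the proposed grant-type-plus-`openid`-scope check:

```go
package main

import "fmt"

// Arguments is a constructed stand-in for the string-list type the handler inspects.
type Arguments []string

// ExactOne reports whether the list holds exactly the single value name.
func (a Arguments) ExactOne(name string) bool {
	return len(a) == 1 && a[0] == name
}

// Has reports whether every given value is present in the list.
func (a Arguments) Has(names ...string) bool {
	for _, n := range names {
		found := false
		for _, v := range a {
			if v == n {
				found = true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}

// AccessRequest is a constructed model of the parts of an access request the handler reads.
type AccessRequest struct {
	GrantTypes    Arguments
	GrantedScopes Arguments
}

func (r AccessRequest) GetGrantTypes() Arguments    { return r.GrantTypes }
func (r AccessRequest) GetGrantedScopes() Arguments { return r.GrantedScopes }

// canHandleGrantTypeOnly checks only the grant type, so it also claims plain OAuth2 code exchanges.
func canHandleGrantTypeOnly(r AccessRequest) bool {
	return r.GetGrantTypes().ExactOne("authorization_code")
}

// canHandleProposed is the check proposed in the issue: grant type AND granted openid scope.
func canHandleProposed(r AccessRequest) bool {
	return r.GetGrantTypes().ExactOne("authorization_code") && r.GetGrantedScopes().Has("openid")
}

func main() {
	oauth2Only := AccessRequest{GrantTypes: Arguments{"authorization_code"}, GrantedScopes: Arguments{"read", "write"}}
	oidc := AccessRequest{GrantTypes: Arguments{"authorization_code"}, GrantedScopes: Arguments{"openid", "profile"}}
	fmt.Println(canHandleGrantTypeOnly(oauth2Only), canHandleProposed(oauth2Only)) // true false
	fmt.Println(canHandleGrantTypeOnly(oidc), canHandleProposed(oidc))             // true true
}
```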
Relevant log output
No response
Relevant configuration
No response
Version
v0.42.2
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Binary
Additional Context
No response