Skip to content

Commit

Permalink
fix(jans-auth-server): when obtain new token using refresh token, che…
Browse files Browse the repository at this point in the history
…ck whether scope is null (#3382)
  • Loading branch information
Milton-Ch authored Dec 22, 2022
1 parent 3028a94 commit 22743d9
Showing 1 changed file with 2 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,8 @@ public class TokenExchangeService {
private AttributeService attributeService;

public void rotateDeviceSecretOnRefreshToken(HttpServletRequest httpRequest, AuthorizationGrant refreshGrant, String scope) {
if (!scope.contains(ScopeConstants.DEVICE_SSO)) {
if (StringUtils.isBlank(scope) || !scope.contains(ScopeConstants.DEVICE_SSO)) {
log.debug("Skip rotate device secret on refresh token. No device_sso scope.");
return;
}
if (StringUtils.isBlank(refreshGrant.getSessionDn())) {
Expand Down

0 comments on commit 22743d9

Please sign in to comment.