Enforce the "openid" scope for the WebAuthProvider #422

Merged
merged 2 commits into from
Jan 11, 2021


lbalmaceda
Contributor

Changes

This PR enforces the scope of "openid", required as part of the ID Token validation that happens during Web Auth.

@lbalmaceda lbalmaceda added this to the v2-Next milestone Jan 8, 2021
@lbalmaceda lbalmaceda requested a review from a team as a code owner January 8, 2021 20:35
@@ -322,7 +322,7 @@ public class WebAuthProviderTest {
val uri =
intentCaptor.firstValue.getParcelableExtra<Uri>(AuthenticationActivity.EXTRA_AUTHORIZE_URI)
MatcherAssert.assertThat(uri, `is`(notNullValue()))
MatcherAssert.assertThat(uri, UriMatchers.hasParamWithValue("scope", "profile super_scope"))
MatcherAssert.assertThat(uri, UriMatchers.hasParamWithValue("scope", "profile super_scope openid"))
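
Review bot: The updated assertion on the "scope" parameter pins the exact string "profile super_scope openid", so the test depends on "openid" being appended last and will fail on any reordering, even though scope order carries no meaning in an OAuth 2.0 authorization request. Consider splitting the parameter value on spaces and asserting that the resulting set contains "profile", "super_scope" and "openid". A companion test where the developer-supplied scope already includes "openid" would also confirm that enforcement does not duplicate the value.
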
Contributor Author

Since the scope is now enforced, I needed to update these tests.

jimmyjames
jimmyjames previously approved these changes Jan 8, 2021
@lbalmaceda
Contributor Author

@jimmyjames holding off on this one until we decide if a different "default scope" should be set when no scope is given by the developer. The enforcement of "openid" will still be made.

@lbalmaceda lbalmaceda merged commit 229d272 into v2-dev Jan 11, 2021
@jimmyjames jimmyjames deleted the ft-enforce-scope branch January 11, 2021 15:58
@lbalmaceda lbalmaceda modified the milestones: v2-Next, 2.0.0-beta.0 Jan 19, 2021