Commit
Check for empty scope in response but non-empty scope in provider. Related to IQSS#5991.
poikilotherm committed Sep 24, 2019
1 parent 2f82f35 commit 5dc272c
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -130,7 +130,8 @@ public OAuth2UserRecord getUserRecord(String code, @NotNull OAuth20Service servi

// We need to check if scope is null first: GitHub is used without scope, so the responses scope is null.
// Checking scopes via Stream to be independent from order.
if ( accessToken.getScope() != null && !getScope().stream().allMatch(accessToken.getScope()::contains) ) {
if ( ( accessToken.getScope() != null && ! getScope().stream().allMatch(accessToken.getScope()::contains) ) ||
( accessToken.getScope() == null && ! getSpacedScope().isEmpty() ) ) {
// We did not get the permissions on the scope(s) we need. Abort and inform the user.
throw new OAuth2Exception(200, BundleUtil.getStringFromBundle("auth.providers.orcid.insufficientScope"), "");
}
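Review bot: The comment on the two lines above the condition is now stale: it still explains only that a null scope must be checked first because GitHub sends none, but the new second branch also rejects a null response scope whenever the provider itself is configured with a non-empty scope (`( accessToken.getScope() == null && ! getSpacedScope().isEmpty() )`). Extend the comment to state that, e.g. `// A null response scope is only acceptable when the provider requests no scope at all.` Also, the two branches read the provider's expected scope through different accessors, `getScope()` in the first and `getSpacedScope()` in the second; using one accessor in both, or a short comment on why they differ, would make the intent easier to verify. Finally, the bundle key `auth.providers.orcid.insufficientScope` is ORCID-specific, while the comment shows this path is also reached for GitHub, so a provider-neutral message key may be more appropriate for the thrown exception.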

0 comments on commit 5dc272c
