Posted to commits@cxf.apache.org by bu...@apache.org on 2021/11/04 07:06:12 UTC
[cxf] branch master updated: cxf-rt-rs-security-oauth2: fix 'scope'
jwt claim format (#871)
This is an automated email from the ASF dual-hosted git repository.
buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 03110cf cxf-rt-rs-security-oauth2: fix 'scope' jwt claim format (#871)
03110cf is described below
commit 03110cf694be67611ea28e6d6cdefa0dd462e302
Author: Alexey Markevich <bu...@gmail.com>
AuthorDate: Thu Nov 4 07:05:57 2021 +0000
cxf-rt-rs-security-oauth2: fix 'scope' jwt claim format (#871)
https://datatracker.ietf.org/doc/html/rfc8693#section-4.2
---
.../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 4 ++--
.../systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 4eb4d17..01365eb 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -139,9 +139,9 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
if (at.getIssuer() != null) {
claims.setIssuer(at.getIssuer());
}
- if (!at.getScopes().isEmpty()) {
+ if (!at.getScopes().isEmpty()) { // rfc8693, section 4.2
claims.setClaim(OAuthConstants.SCOPE,
- OAuthUtils.convertPermissionsToScopeList(at.getScopes()));
+ OAuthUtils.convertListOfScopesToString(OAuthUtils.convertPermissionsToScopeList(at.getScopes())));
}
// OAuth2 resource indicators (resource server audience)
if (!at.getAudiences().isEmpty()) {
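Review bot: The new line at `claims.setClaim(OAuthConstants.SCOPE, ...)` changes the type of the `scope` claim from a JSON array to a single space-delimited string, and the only reader the commit updates is the one systest assertion; any validator or filter that still reads the claim with `getListStringProperty(OAuthConstants.SCOPE)` would now get a different type and needs to split the string instead, which I cannot confirm from this hunk. The added `// rfc8693, section 4.2` comment would help more if it stated the rule, e.g. `// RFC 8693 §4.2: the 'scope' claim is one space-delimited string, not a JSON array`. The nested call is long enough to read better as two lines: `List<String> scopes = OAuthUtils.convertPermissionsToScopeList(at.getScopes());` followed by `claims.setClaim(OAuthConstants.SCOPE, OAuthUtils.convertListOfScopesToString(scopes));`. The enclosing method starts and ends outside this hunk.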
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
index 2e2d450..c3324c1 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java
@@ -136,7 +136,7 @@ public class OAuth2JwtFiltersTest extends AbstractBusClientServerTestBase {
JwtClaims claims = jwtConsumer.getJwtClaims();
assertEquals("consumer-id", claims.getStringProperty(OAuthConstants.CLIENT_ID));
assertEquals("alice", claims.getStringProperty("username"));
- assertTrue(claims.getListStringProperty(OAuthConstants.SCOPE).contains(scope));
+ assertTrue(claims.getStringProperty(OAuthConstants.SCOPE).contains(scope));
// Now invoke on the service with the access token
WebClient client = WebClient.create(rsAddress, OAuth2TestUtils.setupProviders())
.authorization(new ClientAccessToken(BEARER_AUTHORIZATION_SCHEME, accessToken.getTokenKey()));
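Review bot: The updated assertion `claims.getStringProperty(OAuthConstants.SCOPE).contains(scope)` is a substring test, so it also passes when `scope` is merely a prefix or infix of some other scope in the claim, which is weaker than the list membership the old assertion checked. Since the claim is now a space-delimited string, splitting it first keeps the membership semantics: `assertTrue(Arrays.asList(claims.getStringProperty(OAuthConstants.SCOPE).split(" ")).contains(scope));` (needs `java.util.Arrays` imported). If the token is expected to carry exactly this one scope, a plain `assertEquals(scope, claims.getStringProperty(OAuthConstants.SCOPE));` would be stricter still; I cannot tell from the hunk which applies. The enclosing test method starts and ends outside this hunk.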