Merge branch 'Branch_MOA-ID-3.2.1' into development_preview

2 files changed, 20 insertions, 17 deletions

diff --git a/id/history.txt b/id/history.txt
index befe0ffbc..c7bb7ac23 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,7 +8,8 @@ Version MOA-ID Release 3.2.2: Änderungen seit Version MOA-ID 3.2.1
   - Bug-Fix - Problem with SSL certificate path-construction in case of worker threads

   - Bug-Fix - Problems with configuration entries in some special cases

   - Bug-Fix - Problem with RandomNumberGeneration in combination with IAIK_JCE and JAVA JDK >= 8u111

-  - Bug-Fix - Problem with Statistic Logger if persist operation on database failes      

+  - Bug-Fix - Problem with Statistic Logger if persist operation on database failes

+  - Bug-Fix - Problem with empty scope parameter in openID Connect request      

 

 ------------------------------------------------------------------------------

 Version MOA-ID Release 3.2.1: Änderungen seit Version MOA-ID 3.2.0

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b9bed7a22..f0cf45293 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -163,22 +163,24 @@ class OAuth20AuthAction implements IAction {
 		OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest);
 		resultScopes.append("openId");
 		
-		for (String s : scope.split(" ")) {
-			if (s.equalsIgnoreCase("profile")) {
-				OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
-				resultScopes.append(" profile");
-			} else if (s.equalsIgnoreCase("eID")) {
-				OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
-				resultScopes.append(" eID");
-			} else if (s.equalsIgnoreCase("eID_gov")) {
-				OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
-				resultScopes.append(" eID_gov");
-			} else if (s.equalsIgnoreCase("mandate")) {
-				OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
-				resultScopes.append(" mandate");
-			} else if (s.equalsIgnoreCase("stork")) {
-				OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
-				resultScopes.append(" stork");
+		if (scope != null) {
+			for (String s : scope.split(" ")) {
+				if (s.equalsIgnoreCase("profile")) {
+					OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
+					resultScopes.append(" profile");
+				} else if (s.equalsIgnoreCase("eID")) {
+					OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
+					resultScopes.append(" eID");
+				} else if (s.equalsIgnoreCase("eID_gov")) {
+					OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
+					resultScopes.append(" eID_gov");
+				} else if (s.equalsIgnoreCase("mandate")) {
+					OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
+					resultScopes.append(" mandate");
+				} else if (s.equalsIgnoreCase("stork")) {
+					OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
+					resultScopes.append(" stork");
+				}
 			}
 		}