aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-openID/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-06-06 15:15:44 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-06-06 15:15:44 +0200
commita76ea96898c29947d321036f8eae4e5b5c01caaa (patch)
tree67594e0e793d9095750381311b83b997317604c7 /id/server/modules/moa-id-module-openID/src
parent8af293b80fb4a7930dfee4af5557036b3b47283b (diff)
downloadmoa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.tar.gz
moa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.tar.bz2
moa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.zip
fix bug with empty OpenIDConnect scope parameter
Diffstat (limited to 'id/server/modules/moa-id-module-openID/src')
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java34
1 files changed, 18 insertions, 16 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b9bed7a22..f0cf45293 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -163,22 +163,24 @@ class OAuth20AuthAction implements IAction {
OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest);
resultScopes.append("openId");
- for (String s : scope.split(" ")) {
- if (s.equalsIgnoreCase("profile")) {
- OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
- resultScopes.append(" profile");
- } else if (s.equalsIgnoreCase("eID")) {
- OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
- resultScopes.append(" eID");
- } else if (s.equalsIgnoreCase("eID_gov")) {
- OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
- resultScopes.append(" eID_gov");
- } else if (s.equalsIgnoreCase("mandate")) {
- OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
- resultScopes.append(" mandate");
- } else if (s.equalsIgnoreCase("stork")) {
- OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
- resultScopes.append(" stork");
+ if (scope != null) {
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" profile");
+ } else if (s.equalsIgnoreCase("eID")) {
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" eID");
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" eID_gov");
+ } else if (s.equalsIgnoreCase("mandate")) {
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" mandate");
+ } else if (s.equalsIgnoreCase("stork")) {
+ OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData);
+ resultScopes.append(" stork");
+ }
}
}