diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-06-06 15:15:44 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-06-06 15:15:44 +0200 | 
| commit | a76ea96898c29947d321036f8eae4e5b5c01caaa (patch) | |
| tree | 67594e0e793d9095750381311b83b997317604c7 /id/server | |
| parent | 8af293b80fb4a7930dfee4af5557036b3b47283b (diff) | |
| download | moa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.tar.gz moa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.tar.bz2 moa-id-spss-a76ea96898c29947d321036f8eae4e5b5c01caaa.zip | |
fix bug with empty OpenIDConnect scope parameter
Diffstat (limited to 'id/server')
| -rw-r--r-- | id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java | 34 | 
1 files changed, 18 insertions, 16 deletions
| diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b9bed7a22..f0cf45293 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -163,22 +163,24 @@ class OAuth20AuthAction implements IAction {  		OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData, oAuthRequest);  		resultScopes.append("openId"); -		for (String s : scope.split(" ")) { -			if (s.equalsIgnoreCase("profile")) { -				OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); -				resultScopes.append(" profile"); -			} else if (s.equalsIgnoreCase("eID")) { -				OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); -				resultScopes.append(" eID"); -			} else if (s.equalsIgnoreCase("eID_gov")) { -				OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); -				resultScopes.append(" eID_gov"); -			} else if (s.equalsIgnoreCase("mandate")) { -				OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); -				resultScopes.append(" mandate"); -			} else if (s.equalsIgnoreCase("stork")) { -				OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); -				resultScopes.append(" stork"); +		if (scope != null) { +			for (String s : scope.split(" ")) { +				if (s.equalsIgnoreCase("profile")) { +					OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); +					resultScopes.append(" profile"); +				} else if (s.equalsIgnoreCase("eID")) { +					OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); +					resultScopes.append(" eID"); +				} else if (s.equalsIgnoreCase("eID_gov")) { +					OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); +					resultScopes.append(" eID_gov"); +				} else if (s.equalsIgnoreCase("mandate")) { +					OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); +					resultScopes.append(" mandate"); +				} else if (s.equalsIgnoreCase("stork")) { +					OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); +					resultScopes.append(" stork"); +				}  			}  		} | 
