OpenAM / OPENAM-11839

OAuth2 Dynamic Client Registration "scope" parameter can contain scope description that causes scope parsing to fail

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 14.1.1, 14.5.0
    • Fix Version/s: None
    • Component/s: oauth2

      Description

      When registering a new OAuth2 client at the /oauth2/register endpoint, the "scope" parameter is required to be a space-delimited string, but we allow specifying scope descriptions in this parameter too. This means a client can register a scope like: "email|Your email address openid| address|Your postal address phone|Your telephone number(s) profile|Your personal information openid", but this will not parse correctly because of the spaces in the scope descriptions.

              People

              • Assignee: Unassigned
              • Reporter: Phill Cunnington (phillcunnington)
              • Votes: 1
              • Watchers: 3
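Added example (not OpenAM code and not part of the original report): splitting the scope value quoted in the description on spaces, then cutting each token at the first `|`, turns description words into scope names. The helper names, the `INTENDED` set and the strict check are assumptions made for illustration.

```python
# Added illustration, not OpenAM source code.
# Constructed from the scope value quoted in the issue description.
REGISTERED_SCOPE = (
    "email|Your email address openid| address|Your postal address "
    "phone|Your telephone number(s) profile|Your personal information openid"
)

# Assumption: the five scope names the client meant to register.
INTENDED = {"email", "openid", "address", "phone", "profile"}


def split_scope(raw):
    """Split a space-delimited scope string, then cut each token at the
    first '|' into (name, description). Hypothetical helper."""
    entries = []
    for token in raw.split():
        name, _, description = token.partition("|")
        entries.append((name, description))
    return entries


def spurious_names(raw, intended):
    """Scope names produced by the split that the client never intended."""
    return sorted({name for name, _ in split_scope(raw)} - set(intended))


def reject_embedded_descriptions(raw):
    """One possible strict check (assumption, not the project's fix):
    refuse any token that carries a '|' description, because a description
    containing spaces cannot survive a space-delimited parameter."""
    offenders = [token for token in raw.split() if "|" in token]
    if offenders:
        raise ValueError(f"scope tokens with embedded descriptions: {offenders}")
    return raw.split()


if __name__ == "__main__":
    for name, description in split_scope(REGISTERED_SCOPE):
        print(f"{name!r:16} description={description!r}")
    print("unintended scope names:", spurious_names(REGISTERED_SCOPE, INTENDED))
```

Run against the quoted value, the split yields 14 tokens, truncates every description to its first word, and reports five names the client never asked for.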