- edited description
TokenIntrospectionSuccessResponse getScope() method should not read json String but json Array
Issue #326
invalid
hi, I use this maven package to combine spring oauth2 with opaque token,
the spring security oauth2 return json response with scope
property as json array, but TokenIntrospectionSuccessResponse getScope() method read this property as string,
#TokenIntrospectionSuccessResponse.java#lines-385
public Scope getScope() {
try {
return Scope.parse(JSONObjectUtils.getString(params, "scope"));
} catch (ParseException e) {
return null;
}
}
#https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/OAuth2AccessToken.java#L73
#spring return scope as array:
Set<String> getScope();
Comments (2)
-
reporter -
- changed status to invalid
Please file a ticket with the spring project to encode the scope as plain string. This is a reference to the spec: https://tools.ietf.org/html/rfc7662#section-2.2
To get a string list use the getParameters() and then an appropriate JSONObjectUtils.getStringList:
- Log in to comment