introspect endpoint don't follow rfc7662 #1229

@IIDarkKnightII

Description

SECURITY NOTICE: If you have found a security problem in the UAA, please do not file a public github issue. Instead, please send an email to [email protected]

Thanks for taking the time to file an issue. You'll minimize back and forth and help us help you more effectively by answering all of the following questions as specifically and completely as you can.

What version of UAA are you running?

http://docs.cloudfoundry.org/api/uaa/version/74.15.0

What did you do?

Hit /introspect endpoint to fetch the scope.

What did you expect to see? What goal are you trying to achieve with the UAA?

According to the RFC, the SCOPE should be a JSON string containing a space-separated list of scopes associated with the token. This is how all the frameworks like Spring Security etc. and most of the major programming languages have been built, by following the RFC.

RFC for Reference

"scope" : "scim.userids openid cloud_controller.read password.write cloud_controller.write"

What did you see instead?

I get the scope as an array like below:
"scope" : [ "scim.userids", "openid", "cloud_controller.read", "password.write", "cloud_controller.write" ]
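A relying party that validates tokens against UAA has to cope with both representations until the endpoint is aligned with RFC 7662. The following is an added example (not code from UAA or from the issue author) of a tolerant parser that normalizes the RFC string form and the UAA array form to one set of scopes, refuses inactive tokens, and rejects any other shape instead of silently treating it as "no scopes"; the sample responses are constructed, not captured from a real UAA.

```python
import json
from typing import Any, Dict, Set


def parse_introspection_scopes(body: str) -> Set[str]:
    """Return the scopes from an RFC 7662 token introspection response.

    RFC 7662 defines "scope" as a single JSON string holding a
    space-separated list (the RFC 6749 scope syntax). UAA, as reported in
    this issue, returns a JSON array of strings instead. Both forms are
    accepted and normalized to a set; any other type is an error.
    An inactive token yields an empty set.
    """
    resp: Dict[str, Any] = json.loads(body)
    # "active" is the only REQUIRED member (RFC 7662 section 2.2); an
    # inactive token must not be trusted whatever else the response says.
    if resp.get("active") is not True:
        return set()
    raw = resp.get("scope")
    if raw is None:
        return set()
    if isinstance(raw, str):
        # RFC form: split on the single space separator, drop empties.
        return {s for s in raw.split(" ") if s}
    if isinstance(raw, list) and all(isinstance(s, str) for s in raw):
        # UAA form as shown in this issue.
        return set(raw)
    raise ValueError(f"unsupported scope representation: {type(raw).__name__}")


def has_required_scopes(body: str, required: Set[str]) -> bool:
    """True only if the token is active and carries every required scope."""
    return required.issubset(parse_introspection_scopes(body))


# Constructed sample responses (hypothetical, not real UAA output).
RFC_STYLE = json.dumps(
    {"active": True, "scope": "scim.userids openid cloud_controller.read"}
)
UAA_STYLE = json.dumps(
    {"active": True, "scope": ["scim.userids", "openid", "cloud_controller.read"]}
)
INACTIVE = json.dumps({"active": False, "scope": "openid"})
```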
