Do OAuth scope validation before global scope validation only for leg…
…acy runtime.
mpmadhavig committed Jan 18, 2024
1 parent 37f0653 commit 4af0ead
Showing 1 changed file with 8 additions and 7 deletions.
Expand Up @@ -290,18 +290,19 @@ private void validateRequestedScopes(OAuthAuthzReqMessageContext authzReqMsgCtx,
removeInternalScopesFromRequestedScopes(authzReqMsgCtx);
// Adding the authorized internal scopes to tokReqMsgCtx for any special validators to use.
authzReqMsgCtx.setAuthorizedInternalScopes(authorizedInternalScopes);
// Drop unregistered scopes before global scope validators.
boolean isDropUnregisteredScopes = OAuthServerConfiguration.getInstance().isDropUnregisteredScopes();
if (isDropUnregisteredScopes) {
if (log.isDebugEnabled()) {
log.debug("DropUnregisteredScopes config is enabled. Attempting to drop unregistered scopes.");
}
dropUnregisteredScopeFromRequestedScopes(authzReqMsgCtx);
}
} else {
// Engage new scope validator
authorizedScopes = getAuthorizedScopes(authzReqMsgCtx);
removeAuthorizedScopesFromRequestedScopes(authzReqMsgCtx, authorizedScopes);
}
boolean isDropUnregisteredScopes = OAuthServerConfiguration.getInstance().isDropUnregisteredScopes();
if (isDropUnregisteredScopes) {
if (log.isDebugEnabled()) {
log.debug("DropUnregisteredScopes config is enabled. Attempting to drop unregistered scopes.");
}
dropUnregisteredScopeFromRequestedScopes(authzReqMsgCtx);
}
//Validate scopes using global scope validators.
boolean isValid = validateScopes(authzReqMsgCtx, authzHandler);
boolean isValidatedScopesContainsInRequestedScopes = isValidatedScopesContainsInRequestedScopes(authzReqMsgCtx);
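Review bot: With the drop step now inside the legacy branch, the `else` path (new scope validator) no longer consults `isDropUnregisteredScopes()`, and nothing in the hunk explains why that is safe. The bodies of `getAuthorizedScopes` and `removeAuthorizedScopesFromRequestedScopes` are not visible here; if they do not filter unregistered scopes themselves, those scopes reach `validateScopes` on the new runtime even when the operator has enabled the config. I would state the reason in the `else` branch, e.g. `// DropUnregisteredScopes is not applied here because the new scope validator already ...`, and add a test that requests an unregistered scope on the non-legacy runtime with the flag enabled and asserts it is absent from the approved scopes. `validateRequestedScopes` starts and ends outside the hunk, so the condition guarding the legacy branch could not be checked.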
