Scopes string is incorrectly formed when required RequiredScopes is s… (

#352) * Scopes string is incorrectly formed when required RequiredScopes is specified Co-authored-by: Tim Hess <[email protected]>
SteeltoeOSS · Jun 8, 2020 · 151f3d2 · 151f3d2
1 parent b381a7d
commit 151f3d2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/src/Security/src/Authentication.CloudFoundryBase/TokenExchanger.cs b/src/Security/src/Authentication.CloudFoundryBase/TokenExchanger.cs
@@ -161,7 +161,7 @@ internal List<KeyValuePair<string, string>> CommonTokenRequestParams()
             var scopes = "openid " + _options.AdditionalTokenScopes;
             if (_options.RequiredScopes != null)
             {
-                scopes = string.Join(" ", scopes, _options.RequiredScopes);
+                scopes = scopes.Trim() + " " + string.Join(" ", _options.RequiredScopes);
             }
 
             return new List<KeyValuePair<string, string>>

diff --git a/src/Security/test/Authentication.CloudFoundryBase.Test/TokenExchangerTest.cs b/src/Security/test/Authentication.CloudFoundryBase.Test/TokenExchangerTest.cs
@@ -71,6 +71,18 @@ public void ClientCredentialsTokenRequestParameters_ReturnsCorrectly()
             Assert.Equal(OpenIdConnectGrantTypes.ClientCredentials, parameters.First(i => i.Key == "grant_type").Value);
         }
 
+        [Fact]
+        public void CommonTokenRequestParamsHandlesScopes()
+        {
+            // arrange
+            var opts = new AuthServerOptions { AdditionalTokenScopes = "onescope", RequiredScopes = new string[] { "twoscope" } };
+            var tEx = new TokenExchanger(opts);
+
+            // act
+            var parameters = tEx.CommonTokenRequestParams();
+            Assert.Equal("openid onescope twoscope", parameters.First(i => i.Key == CloudFoundryDefaults.ParamsScope).Value);
+        }
+
         [Fact]
         public async void ExchangeAuthCodeForClaimsIdentity_ExchangesCodeForIdentity()
         {