Incorrect Handling of Scopes with Special Character "|" in scp Claim #3829
Labels
bug
Something is not working.
Comments
|
After a bit of digging, have found the issue to be during persisting the scopes in some tables we are using "|" (pipe) as the delimiter. below are the code references hydra/persistence/sql/persister_oauth2.go Line 113 in f83193f hydra/persistence/sql/persister_oauth2.go Line 161 in f83193f If we escape and unescape using some logic like below , then it might resolve this issue |
|
Based on inputs from slack channel from @tacurran ,have used url escape and unescape, which does resolve the issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight checklist
Ory Network Project
No response
Describe the bug
When using a scope that includes the special character "|" (e.g., A|B), we expect the scp claim in the access token to contain the scope as a single string, i.e.,["A|B"]. However, the actual result is that the scope is split into separate elements, resulting in
["A", "B"]
Note: The scopes in the access token are returned fine i.e as ["A|B"] for client credentails grant type.
But when the grant type is "authorization_code" and there is a consent flow involved, it gives scope in access token as ["A", "B"]
Reproducing the bug
Relevant log output
No response
Relevant configuration
No response
Version
2.2
On which operating system are you observing this issue?
None
In which environment are you deploying?
Docker
Additional Context
Looking at the scopes stored in hydra_client table, the scopes are stored space separated, but in hydra_oauth2_access table these are stored using "|", might be resulting into this issue
The text was updated successfully, but these errors were encountered: