Consent should always be required when the authorization request asks for the offline scope

The OpenID Core specification [0] says that when using the offline_access scope the prompt parameter must contain the consent value or other conditions to process the request are in place. To avoid adding yet another case of error when the prompt parameter is not correctly set, requesting the offline_access scope now acts as if you had set 'prompt=consent' to the request.

Part of story #14714: be an OpenID Connect provider

[0] https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess

Change-Id: I9f832e980d31b0b14a941e17924d640acffd44bf
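The rule described above, as an added example that is not Tuleap's code: the effective prompt set is derived from the space-delimited scope and prompt parameters, and an offline_access scope implies consent. The prompt=none handling is an assumption here, since the commit message does not say how that combination is treated.

```python
# Added example (not Tuleap's code): derives the effective OpenID Connect
# ``prompt`` set for an authorization request, applying the rule from the
# change above that an ``offline_access`` scope implies ``prompt=consent``.

OFFLINE_ACCESS = "offline_access"


class AuthorizationRequestError(ValueError):
    """Carries the OAuth 2.0 / OIDC error code the server would return."""

    def __init__(self, code, description):
        super().__init__(f"{code}: {description}")
        self.code = code


def parse_space_delimited(value):
    """'scope' and 'prompt' are space-delimited lists: keep order, drop repeats."""
    tokens = []
    for token in (value or "").split():
        if token not in tokens:
            tokens.append(token)
    return tokens


def effective_prompt(scope, prompt):
    """Return the prompt values the server must honour for this request.

    Rules applied:
    * 'none' must not be combined with any other explicit value (invalid_request).
    * offline_access in scope adds 'consent' when it is missing.
    * prompt=none with offline_access cannot be satisfied without interaction,
      so the request is rejected with consent_required (assumption: the commit
      message does not say how this combination is handled).
    """
    scopes = parse_space_delimited(scope)
    prompts = parse_space_delimited(prompt)
    if "none" in prompts and len(prompts) > 1:
        raise AuthorizationRequestError(
            "invalid_request", "prompt=none cannot be combined with other values")
    if OFFLINE_ACCESS in scopes and "consent" not in prompts:
        if "none" in prompts:
            raise AuthorizationRequestError(
                "consent_required", "offline_access needs consent but prompt=none forbids interaction")
        prompts.append("consent")
    return prompts


def consent_required(scope, prompt):
    """True when the authorization server must show the consent screen."""
    return "consent" in effective_prompt(scope, prompt)
```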

Modified Files

M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointController.php +18 −1
M plugins/oauth2_server/include/oauth2_serverPlugin.php +1 −0
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointControllerTest.php +37 −1