Hi, I'm using cas 6.0.0-rc2 with reactive spring-security-oauth2-client 
service:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientId",
  "clientSecret": "clientSecret",
  "serviceId" : "http://server.docker:8080/login/oauth2/code/cas",
  "name" : "OAuthService",
  "jsonFormat" : true,
  "id" : 100
}


when access token scope comes from cas

{"access_token":"AT-19-L8znqVHp3Tm4gMZmnuW7aQ9Clez6cNaP","token_type":"bearer","expires_in":28800,"scope":["PROFILE"]}

but in rfc6749 it's a list of space-delimited, case-sensitive strings:

 The value of the scope parameter is expressed as a list of space-
   delimited, case-sensitive strings.  The strings are defined by the
   authorization server.  If the value contains multiple space-delimited
   strings, their order does not matter, and each string adds an
   additional access range to the requested scope.


 https://tools.ietf.org/html/rfc6749#section-3.3

In spring-security-oauth2-core (OAuth2AccessTokenResponseBodyExtractor)
it's a string:

ParameterizedTypeReference<Map<String, String>> type =
    new ParameterizedTypeReference<Map<String, String>>() {};
BodyExtractor<Mono<Map<String, String>>, ReactiveHttpInputMessage> delegate =
    BodyExtractors.toMono(type);

Error on cas access token:


JSON decoding error: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token; nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token
 at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: java.util.LinkedHashMap["scope"])


from 
https://docs.apigee.com/api-platform/security/oauth/working-scopes#codeexamples-defaultcase

{
  ...
  "scope" : "A B C",
  ...
}
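
One way a client could accept both forms of `scope` seen in this message, as an added example that is not part of the original post and is not code from CAS or Spring Security. It assumes Jackson 2.x databind on the classpath; the class name `ScopeNormalizer` and the sample response bodies are constructed for illustration.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.MismatchedInputException;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper (assumption, not a Spring or CAS class).
public class ScopeNormalizer {
    // scope-token = 1*( %x21 / %x23-5B / %x5D-7E ), RFC 6749 section 3.3
    private static final Pattern SCOPE_TOKEN = Pattern.compile("[\\x21\\x23-\\x5B\\x5D-\\x7E]+");
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Returns the granted scopes whether "scope" is an RFC string or a JSON array. */
    static Set<String> scopes(String tokenResponseJson) throws Exception {
        JsonNode scope = MAPPER.readTree(tokenResponseJson).get("scope");
        Set<String> result = new LinkedHashSet<>();
        if (scope == null || scope.isNull()) return result;   // field absent
        if (scope.isTextual()) {                               // RFC 6749 form: "A B C"
            for (String s : scope.asText().split(" ")) add(result, s);
        } else if (scope.isArray()) {                          // form shown in the post: ["PROFILE"]
            for (JsonNode n : scope) {
                if (!n.isTextual()) throw new IllegalArgumentException("non-string scope element");
                add(result, n.asText());
            }
        } else {
            throw new IllegalArgumentException("unsupported scope type: " + scope.getNodeType());
        }
        return result;
    }

    private static void add(Set<String> out, String token) {
        // Rejects empty tokens, embedded spaces, quotes, backslashes and control characters.
        if (!SCOPE_TOKEN.matcher(token).matches()) throw new IllegalArgumentException("invalid scope token");
        out.add(token);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies; the token value is a placeholder.
        String array = "{\"access_token\":\"AT-placeholder\",\"token_type\":\"bearer\",\"scope\":[\"PROFILE\"]}";
        String rfc = "{\"access_token\":\"AT-placeholder\",\"token_type\":\"bearer\",\"scope\":\"A B C\"}";
        try {   // strict Map<String, String> binding, the type used by the extractor quoted above
            MAPPER.readValue(array, new TypeReference<Map<String, String>>() {});
        } catch (MismatchedInputException e) {
            System.out.println("strict binding rejected array scope");
        }
        System.out.println(scopes(array) + " " + scopes(rfc));
    }
}
```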





