
introspect endpoint doesn't follow rfc7662 #1229

Open
IIDarkKnightII opened this issue Mar 6, 2020 · 4 comments
Labels: bug, unscheduled, waiting-4-pr (Pull-Request is wanted in order to proceed)

Comments

@IIDarkKnightII

SECURITY NOTICE: If you have found a security problem in the UAA, please do not file a public github issue. Instead, please send an email to [email protected]

Thanks for taking the time to file an issue. You'll minimize back and forth and help us help you more effectively by answering all of the following questions as specifically and completely as you can.

What version of UAA are you running?

http://docs.cloudfoundry.org/api/uaa/version/74.15.0

What did you do?

Hit /introspect endpoint to fetch the scope.

What did you expect to see? What goal are you trying to achieve with the UAA?

According to the RFC, the scope should be a JSON string containing a space-separated list of scopes associated with the token. This is how all the frameworks like Spring Security, and most of the major programming languages, have built theirs, following the RFC.

RFC for Reference

"scope" : "scim.userids openid cloud_controller.read password.write cloud_controller.write"

What did you see instead?

I get the scope as an array like below:
"scope" : [ "scim.userids", "openid", "cloud_controller.read", "password.write", "cloud_controller.write" ]
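
Added example, not code from the UAA project or from any participant in this thread: a Python consumer of an introspection response that accepts both the RFC 7662 string form and the array form UAA returns, normalises them to one list, and fails closed when the token is not active (RFC 7662 makes the boolean `active` member mandatory and the `scope` member optional). The three sample responses are constructed for the example; the client id and `exp` values are illustrative, not taken from a real deployment.

```python
import json

# Constructed sample responses (illustrative values, not captured from a real UAA).
RFC7662_RESPONSE = json.dumps({
    "active": True,
    "client_id": "example-client",
    "scope": "scim.userids openid cloud_controller.read password.write cloud_controller.write",
    "exp": 1583500000,
})

UAA_STYLE_RESPONSE = json.dumps({
    "active": True,
    "client_id": "example-client",
    "scope": ["scim.userids", "openid", "cloud_controller.read",
              "password.write", "cloud_controller.write"],
    "exp": 1583500000,
})

# An inactive token: per RFC 7662 the server should return only {"active": false}.
INACTIVE_RESPONSE = json.dumps({"active": False})


def parse_scopes(scope):
    """Normalise a "scope" claim to an ordered, de-duplicated list of scope names.

    RFC 7662 section 2.2 defines "scope" as one space-separated JSON string;
    UAA returns a JSON array of strings instead. Both are accepted here, and
    each array element is also split on whitespace so a mixed form still works.
    Any other JSON type is rejected rather than silently treated as "no scopes".
    """
    if scope is None:
        return []
    if isinstance(scope, str):
        tokens = scope.split()
    elif isinstance(scope, list) and all(isinstance(s, str) for s in scope):
        tokens = [t for s in scope for t in s.split()]
    else:
        raise ValueError(f"unsupported scope type: {type(scope).__name__}")
    return list(dict.fromkeys(tokens))  # de-duplicate while preserving order


def introspect_scopes(body):
    """Parse an introspection response body and return the granted scopes.

    Fails closed: a missing or non-boolean "active" is an error, and an
    inactive token yields no scopes regardless of what else the body carries.
    """
    data = json.loads(body)
    active = data.get("active")
    if not isinstance(active, bool):
        raise ValueError('introspection response lacks the mandatory boolean "active"')
    if not active:
        return []
    return parse_scopes(data.get("scope"))


def has_required_scopes(body, required):
    """True only if every required scope is present as a whole token.

    Token-wise comparison avoids the substring pitfall of testing
    `"openid" in scope_string`, which would also match "x.openid.y".
    """
    granted = set(introspect_scopes(body))
    return set(required) <= granted


def to_rfc7662_scope(scope):
    """Re-serialise either form as the RFC 7662 space-separated string."""
    return " ".join(parse_scopes(scope))


if __name__ == "__main__":
    for label, body in (("rfc", RFC7662_RESPONSE), ("uaa", UAA_STYLE_RESPONSE), ("inactive", INACTIVE_RESPONSE)):
        print(label, introspect_scopes(body))
```

`to_rfc7662_scope` is the shim a relying party that insists on the string form (the Keycloak case raised later in this thread) can apply to a UAA response before handing it on; `has_required_scopes` is the check an API gateway would run, comparing whole tokens rather than substrings.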

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/171670320

The labels on this github issue will be updated when the story is started.

@joshuatcasey (Contributor)

Thanks for bringing this to our attention @IIDarkKnightII - our Product Managers are looking into this and we'll update with our next steps, hopefully very soon!

@DanSalt commented Aug 10, 2020

Is there any update on this? We're currently blocked on this, as we're trying to integrate UAA with Kafka (which uses KeyCloak - which expects the scope to be a single string). I appreciate there's a backwards-compatibility issue here, but could it be added with a flag to switch between the two formats? cc @joshuatcasey

@shamus (Contributor) commented Aug 12, 2020

Hi @DanSalt backwards compatibility is the kicker. This issue isn't currently a priority for us, but we'd be open to a PR. If you wanted to put together a proposal describing how the flag would work and how you'd implement this feature we'd be happy to discuss it.
