llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 03:00:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: fix empty scope bug in RefreshToken API (#3467)

Browse Source 
* fix: fix scope will be empty when user not passing scope in refresh api

* fix: promote code format
This commit is contained in:
DacongDA
2025-01-02 12:53:17 +08:00
committed by GitHub
parent 8457ff7433
commit e5a2057382
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
object/token_oauth.go
View File

@ -309,22 +309,29 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
}, nil
}
var oldTokenScope string
if application.TokenFormat == "JWT-Standard" {
_, err = ParseStandardJwtToken(refreshToken, cert)
oldToken, err := ParseStandardJwtToken(refreshToken, cert)
if err != nil {
return &TokenError{
Error: InvalidGrant,
ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
}, nil
}
oldTokenScope = oldToken.Scope
} else {
_, err = ParseJwtToken(refreshToken, cert)
oldToken, err := ParseJwtToken(refreshToken, cert)
if err != nil {
return &TokenError{
Error: InvalidGrant,
ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
}, nil
}
oldTokenScope = oldToken.Scope
}
if scope == "" {
scope = oldTokenScope
}
// generate a new token