SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0

UserInfoAuthenticationConverter.extractAuthorities is not implemented appropriately #11

Closed nenaraab closed 5 years ago

nenaraab commented 5 years ago

When a JWT token consists of multiple scopes, the scope claim has the following value, incl. whitespace, leading and trailing brackets and a comma separator.

"[my-app-name!400.Display,\nmy-app-name!400.Edit]"

but UserInfoAuthenticationConverter.extractAuthorities() returns only one scope.

https://github.com/SAP/cloud-security-xsuaa-integration/blob/develop/spring-xsuaa/src/main/java/com/sap/xs2/security/container/UserInfoAuthenticationConverter.java#L49

nenaraab commented 5 years ago

merged into develop branch
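
The scope value quoted in the issue can be split into one entry per scope as in the following added example, which is not the project's code and not the fix that was merged. `ScopeClaimParser` and `extractScopes` are hypothetical names, and the example goes beyond the issue's case by also accepting a claim that arrives as a JSON array or as a space-delimited string.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class ScopeClaimParser {

    // Hypothetical helper: normalizes the "scope" claim into distinct scope names.
    static List<String> extractScopes(Map<String, Object> claims) {
        Object raw = claims.get("scope");
        Set<String> scopes = new LinkedHashSet<>();
        if (raw instanceof Collection) {
            // Claim was already decoded as a JSON array.
            for (Object item : (Collection<?>) raw) {
                if (item != null) {
                    addScope(scopes, item.toString());
                }
            }
        } else if (raw instanceof String) {
            String value = ((String) raw).trim();
            // Stringified list form from the issue: strip one pair of brackets.
            if (value.startsWith("[") && value.endsWith("]")) {
                value = value.substring(1, value.length() - 1);
            }
            // Split on commas and whitespace, which covers ",\n" and space-delimited values.
            for (String part : value.split("[,\\s]+")) {
                addScope(scopes, part);
            }
        }
        return new ArrayList<>(scopes);
    }

    private static void addScope(Set<String> scopes, String candidate) {
        String scope = candidate.trim();
        if (!scope.isEmpty()) {
            scopes.add(scope);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, matching the value quoted in the issue.
        Map<String, Object> claims = Map.of("scope", "[my-app-name!400.Display,\nmy-app-name!400.Edit]");
        List<String> scopes = extractScopes(claims);
        if (scopes.size() != 2) {
            throw new IllegalStateException("expected 2 scopes, got " + scopes);
        }
        System.out.println(scopes);
    }
}
```

A regression test that asserts the number of extracted authorities for a multi-scope token catches this class of bug, where a user silently ends up with fewer permissions than the token grants.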