Open IIDarkKnightII opened 4 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/171670320
The labels on this github issue will be updated when the story is started.
Thanks for bringing this to our attention @IIDarkKnightII - our Product Managers are looking into this and we'll update with our next steps, hopefully very soon!
Is there any update on this? We're currently blocked on this, as we're trying to integrate UAA with Kafka (which uses KeyCloak - which expects the scope to be a single string). I appreciate there's a backwards-compatibility issue here, but could it be added with a flag to switch between the two formats? cc @joshuatcasey
Hi @DanSalt backwards compatibility is the kicker. This issue isn't currently a priority for us, but we'd be open to a PR. If you wanted to put together a proposal describing how the flag would work and how you'd implement this feature we'd be happy to discuss it.
SECURITY NOTICE: If you have found a security problem in the UAA, please do not file a public github issue. Instead, please send an email to security@cloudfoundry.org
Thanks for taking the time to file an issue. You'll minimize back and forth and help us help you more effectively by answering all of the following questions as specifically and completely as you can.
What version of UAA are you running?
http://docs.cloudfoundry.org/api/uaa/version/74.15.0
What did you do?
Hit /introspect endpoint to fetch the scope.
What did you expect to see? What goal are you trying to achieve with the UAA?
According to the RFC, the SCOPE should be a JSON string containing a space-separated list of scopes associated with the token. And this is how all the frameworks like Spring Security etc. and most of the major programming languages have been built, by following the RFC.
RFC for Reference
"scope" : "scim.userids openid cloud_controller.read password.write cloud_controller.write"
What did you see instead?
I get the scope as an array like below:
"scope" : [ "scim.userids", "openid", "cloud_controller.read", "password.write", "cloud_controller.write" ]
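A client-side way to tolerate both formats shown in this issue, as an added example (not UAA code and not from any participant in this thread): it normalizes the `scope` claim to a set and checks exact membership, so a substring of a scope name never matches. The function names are hypothetical, the sample bodies are constructed from the scopes quoted above, and the `active` field is assumed to be present as RFC 7662 defines it.

```python
import json
import re

# scope-token grammar from RFC 6749 section 3.3:
# printable ASCII except space, double quote and backslash
SCOPE_TOKEN = re.compile(r'[\x21\x23-\x5B\x5D-\x7E]+')

# Constructed sample responses: the RFC string form and the array form from this issue
RFC_FORM = ('{"active": true, "scope": "scim.userids openid cloud_controller.read '
            'password.write cloud_controller.write"}')
ARRAY_FORM = ('{"active": true, "scope": ["scim.userids", "openid", '
              '"cloud_controller.read", "password.write", "cloud_controller.write"]}')


def normalize_scopes(claim):
    """Return a frozenset of scopes from either wire format.

    Accepts one space-separated string or a JSON array of strings.
    Any other type, or any token outside the grammar, raises ValueError.
    """
    if claim is None:
        return frozenset()
    if isinstance(claim, str):
        # Strict single-space split: doubled or trailing spaces yield an
        # empty token, which is rejected below.
        tokens = claim.split(" ") if claim else []
    elif isinstance(claim, list):
        tokens = claim
    else:
        raise ValueError(f"unsupported scope type: {type(claim).__name__}")
    for tok in tokens:
        if not isinstance(tok, str) or not SCOPE_TOKEN.fullmatch(tok):
            raise ValueError(f"malformed scope token: {tok!r}")
    return frozenset(tokens)


def token_has_scope(introspection_body, required):
    """Fail closed: inactive, unparsable or malformed responses grant nothing."""
    try:
        resp = json.loads(introspection_body)
        if not isinstance(resp, dict) or resp.get("active") is not True:
            return False
        return required in normalize_scopes(resp.get("scope"))
    except ValueError:  # also covers json.JSONDecodeError
        return False
```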