Closed wangsijie closed 4 days ago
Total Size Diff :chart_with_upwards_trend: +1.18 KB
Summary
In token exchange grant: filter out non-oidc scopes when resource is not present (the audience is OP).
In other grant type flow, this is done by Grant class. But there is no Grant instance in token exchange, so we have to do it manually. The oidcScopes list comes from oidc.provider, SSOT is ensured. https://github.com/panva/node-oidc-provider/blob/0c569cf5c36dd5faa105fb931a43b2e587530def/lib/helpers/oidc_context.js#L159
Testing
Integration tests.
Checklist
.changeset
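The filtering rule described in the summary, as an added JavaScript example that is not the PR's code: the function name resolveTokenExchangeScope, its parameter shape and the hard-coded scope set are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not an API of the
// project or of node-oidc-provider.
// Constructed sample: the standard OpenID Connect scopes. In the PR the list
// comes from oidc.provider instead of being hard-coded.
const SAMPLE_OIDC_SCOPES = new Set([
  'openid', 'profile', 'email', 'address', 'phone', 'offline_access',
]);

function resolveTokenExchangeScope({ scope, resource }, oidcScopes = SAMPLE_OIDC_SCOPES) {
  // scope is a space-delimited string; drop empty entries and duplicates,
  // keeping the order in which the client requested them.
  const requested = [...new Set((scope ?? '').split(' ').filter(Boolean))];

  if (resource) {
    // Resource present: the audience is that resource, so the OIDC-only
    // filter does not apply here (resource scope policy is out of scope
    // for this sketch).
    return { audience: resource, granted: requested.join(' '), dropped: [] };
  }

  // Resource absent: the audience is the OP itself, so only OIDC scopes may
  // end up on the issued token. Anything else is dropped and reported so it
  // can be logged.
  const granted = requested.filter((s) => oidcScopes.has(s));
  const dropped = requested.filter((s) => !oidcScopes.has(s));
  return { audience: 'OP', granted: granted.join(' '), dropped };
}
```

Returning the dropped scopes separately lets the caller record when a client asked for resource scopes without naming a resource.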