spring-cloud / spring-cloud-common-security-config

A common security infrastructure used by Spring Cloud Data Flow and the projects in its ecosystem

DefaultAuthoritiesMapper is parsing scopes as URI having a leading slash #94

Closed klopfdreh closed 2 years ago

klopfdreh commented 2 years ago

Hey,

currently we have an issue with the mapping of authorities. Our scopes contain information divided by a / sign. Example: /F///FUNC/2000803036///X

Because of the following method: https://github.com/spring-cloud/spring-cloud-common-security-config/blob/bccaa04fcf5813be8b144d7cec7f05abc3539faf/spring-cloud-common-security-config-web/src/main/java/org/springframework/cloud/common/security/support/DefaultAuthoritiesMapper.java#L216 - the scope is parsed as a URI and cropped after the first /.

Because of this we have to define our role / scope mapping like:

    spring:
      cloud:
        dataflow:
          security:
            authorization:
              user_login:
                map-oauth-scopes: true
                role-mappings:
                  ROLE_CREATE: 'F///FUNC/2000803037///X'

As of the RFC https://datatracker.ietf.org/doc/html/rfc6749#section-3.3 scopes are just Strings and should be handled like this, so it might be good to make this functionality of parsing as a URI optional / configurable so that the scopes are not parsed when they shouldn't be.

Thanks a lot in advance.

onobc commented 2 years ago

Thanks for the report @klopfdreh . We will take a look at this.

klopfdreh commented 2 years ago

Hey @onobc - I suggested a PR. With this you can apply a config to disable the parsing of the pathParts. Hope I didn't miss something. 😃

onobc commented 2 years ago

Hi @klopfdreh , thanks for the code proposal. I will take a look w/in the next 24hrs.

klopfdreh commented 2 years ago

The solution is implemented like this:

    spring:
      cloud:
        dataflow:
          security:
            authorization:
              user_login:
                map-oauth-scopes: true
                parse-oauth-scope-path-parts: false
                role-mappings:
                  ROLE_CREATE: '/F///FUNC/2000803037///X'
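To make the behaviour described in the opening report and the configuration shown in the last comment concrete, the following is an added, self-contained Java example; it is not the project's `DefaultAuthoritiesMapper` and does not reproduce its exact parsing logic. The class `ScopeRoleMapper`, its `parseScopePathParts` flag and the `normalize` helper are hypothetical names chosen here; the URI-based branch is only an approximation of "parse as URI and crop the leading path part", and the scope and role values are constructed from the ones quoted in the issue.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

/**
 * Hypothetical scope-to-role mapper (NOT the project's DefaultAuthoritiesMapper).
 * It shows why a mapper that rewrites scope strings before matching them can
 * silently fail to grant a role, and how a flag like the one proposed in the
 * issue (parse-oauth-scope-path-parts) restores opaque-string matching.
 */
public class ScopeRoleMapper {

    /** role name -> configured scope string, as in the role-mappings YAML. */
    private final Map<String, String> roleMappings;
    /** Mirrors parse-oauth-scope-path-parts: true = URI-style parsing, false = opaque. */
    private final boolean parseScopePathParts;

    public ScopeRoleMapper(Map<String, String> roleMappings, boolean parseScopePathParts) {
        this.roleMappings = roleMappings;
        this.parseScopePathParts = parseScopePathParts;
    }

    /**
     * Approximation (assumption, not the project's code) of URI-style handling:
     * keep only the URI path and drop its leading "/". With parsing disabled the
     * scope is returned untouched, which is what RFC 6749 section 3.3 allows:
     * scope tokens are opaque strings with no structure the client may rely on.
     */
    static String normalize(String scope, boolean parsePathParts) {
        if (!parsePathParts) {
            return scope;
        }
        try {
            String path = new URI(scope).getPath();
            if (path == null || path.isEmpty()) {
                return scope; // opaque or scheme-only value: nothing to crop
            }
            return path.startsWith("/") ? path.substring(1) : path;
        } catch (URISyntaxException e) {
            return scope; // not a URI at all: fall back to the raw string
        }
    }

    /** Returns every configured role whose scope string equals a (normalized) granted scope. */
    public Set<String> mapScopesToRoles(Set<String> grantedScopes) {
        Set<String> roles = new LinkedHashSet<>();
        for (String scope : grantedScopes) {
            String key = normalize(scope, parseScopePathParts);
            for (Map.Entry<String, String> mapping : roleMappings.entrySet()) {
                if (mapping.getValue().equals(key)) {
                    roles.add(mapping.getKey());
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed from the issue: a scope with slashes and a mapping that uses
        // the scope verbatim, including its leading slash.
        Set<String> granted = Set.of("/F///FUNC/2000803037///X");
        Map<String, String> mappings = Map.of("ROLE_CREATE", "/F///FUNC/2000803037///X");

        // URI-style parsing turns "/F///FUNC/..." into "F///FUNC/...", so the verbatim
        // mapping no longer matches and the user ends up without ROLE_CREATE.
        Set<String> withParsing = new ScopeRoleMapper(mappings, true).mapScopesToRoles(granted);
        System.out.println("parse-oauth-scope-path-parts=true  -> " + withParsing);

        // Treating the scope as an opaque string matches the configuration as written.
        Set<String> opaque = new ScopeRoleMapper(mappings, false).mapScopesToRoles(granted);
        System.out.println("parse-oauth-scope-path-parts=false -> " + opaque);
    }
}
```

Running `main` prints an empty set for the parsing case and `[ROLE_CREATE]` for the opaque case, which is the mismatch the reporter worked around by dropping the leading slash from the mapping. From a defender's point of view the failure mode is silent: no exception is raised, the authority is simply missing, so a test that asserts the expected roles for a representative token is the cheapest way to catch a mapper that rewrites scope strings.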