Open rksk opened 3 years ago
@janakamarasena @senthalan Will we ever need to allow leading or trailing space in any request parameters in the /oauth2/token request?
I am thinking rather than handling this specifically for the password grant, to remove leading and trailing whitespaces on all grant type params. WDYT?
> @janakamarasena @senthalan Will we ever need to allow leading or trailing space in any request parameters in the /oauth2/token request?
> I am thinking rather than handling this specifically for the password grant, to remove leading and trailing whitespaces on all grant type params. WDYT?
+1
And I think it is better to handle trimming the space on the server side as well. I hope this method will be used by all the authenticators which handle the username input.
+1 for the suggestions. We shouldn't need leading or trailing whitespace.
Migara Pramod will work on this.
Describe the issue: If we invoke the password grant with whitespaces at the beginning or the end, the `sub` of the issued id_token contains the same username with whitespace while the real user on the userstore does not have whitespace in the username. The same issue exists in the basic authenticator and we have avoided it by trimming the username in the authentication endpoint.
How to reproduce: `sub` in id_token will contain the same username whitespaces
Expected behavior: The `sub` should contain the correct username on the userstore
Environment information
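The mismatch described in the issue and the trimming proposed in the comments, as an added example that is not part of the original thread or the project's code. The userstore, signing key and function names are constructed for illustration, the whitespace-tolerant lookup is an assumption, and leaving the password untrimmed is a choice of this sketch.

```python
import base64, hashlib, hmac, json

USERSTORE = {"alice": "s3cret"}          # constructed; canonical names have no whitespace
SIGNING_KEY = b"constructed-demo-key"    # constructed

def authenticate(username, password):
    """Return the canonical username on success, else None."""
    # Assumption: lookup tolerates surrounding whitespace, so ' alice ' matches 'alice'.
    canonical = username.strip()
    stored = USERSTORE.get(canonical)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return canonical
    return None

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_id_token(sub):
    """Minimal HS256-signed JWT carrying only the sub claim."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": sub}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def read_sub(token):
    """Decode the payload segment and return its sub claim (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]

def token_endpoint_before(params):
    """Behaviour described in the issue: sub copies the raw request value."""
    if params.get("grant_type") != "password":
        return None
    if authenticate(params["username"], params["password"]) is None:
        return None
    return issue_id_token(params["username"])

def token_endpoint_after(params):
    """Trim at the endpoint and take sub from the authenticated user record."""
    # The password is passed through as sent (a choice of this sketch).
    clean = {k: v if k == "password" else v.strip() for k, v in params.items()}
    if clean.get("grant_type") != "password":
        return None
    user = authenticate(clean["username"], clean["password"])
    return issue_id_token(user) if user is not None else None

REQUEST = {"grant_type": "password", "username": " alice ", "password": "s3cret"}  # constructed
```

Taking `sub` from the record the userstore returned, rather than from the request, keeps the claim correct even if another code path forgets to trim.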