OAuth scopes are space separated, not comma

This commit is contained in:
Joseph Schorr 2015-07-28 15:52:08 -04:00
parent c7e464ddf2
commit 804be4d4be
2 changed files with 6 additions and 2 deletions

View file

@ -1,5 +1,6 @@
from collections import namedtuple
import features
import re
Scope = namedtuple('scope', ['scope', 'icon', 'dangerous', 'title', 'description'])
@ -96,7 +97,10 @@ def scopes_from_scope_string(scopes):
if not scopes:
scopes = ''
return {ALL_SCOPES.get(scope, None) for scope in scopes.split(',')}
# Note: The scopes string should be space seperated according to the spec:
# https://tools.ietf.org/html/rfc6749#section-3.3
# However, we also support commas for backwards compatibility with existing callers to our code.
return {ALL_SCOPES.get(scope, None) for scope in re.split(' |,', scopes)}
def validate_scope_string(scopes):

View file

@ -121,7 +121,7 @@
</table>
<a class="btn btn-success"
href="{{ Config.getUrl('/oauth/authorize?response_type=token&client_id=' + application.client_id + '&scope=' + getScopes(genScopes).join(',') + '&redirect_uri=' + Config.getUrl(Config['LOCAL_OAUTH_HANDLER'])) }}"
href="{{ Config.getUrl('/oauth/authorize?response_type=token&client_id=' + application.client_id + '&scope=' + getScopes(genScopes).join(' ') + '&redirect_uri=' + Config.getUrl(Config['LOCAL_OAUTH_HANDLER'])) }}"
ng-disabled="!getScopes(genScopes).length" target="_blank">
Generate Access Token
</a>