From 804be4d4be4a6491b2fa81bbe479fd4887e92f90 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 28 Jul 2015 15:52:08 -0400
Subject: [PATCH] OAuth scopes are space separated, not comma
---
 auth/scopes.py | 6 +++++-
 static/partials/manage-application.html | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/auth/scopes.py b/auth/scopes.py
index 00633406d..3d8803d3a 100644
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -1,5 +1,6 @@
 from collections import namedtuple
 import features
+import re
 Scope = namedtuple('scope', ['scope', 'icon', 'dangerous', 'title', 'description'])
@@ -96,7 +97,10 @@ def scopes_from_scope_string(scopes):
 if not scopes:
 scopes = ''
- return {ALL_SCOPES.get(scope, None) for scope in scopes.split(',')}
+ # Note: The scopes string should be space seperated according to the spec:
+ # https://tools.ietf.org/html/rfc6749#section-3.3
+ # However, we also support commas for backwards compatibility with existing callers to our code.
+ return {ALL_SCOPES.get(scope, None) for scope in re.split(' |,', scopes)}
 def validate_scope_string(scopes):
diff --git a/static/partials/manage-application.html b/static/partials/manage-application.html
index 241451ebb..8a7fcb10b 100644
--- a/static/partials/manage-application.html
+++ b/static/partials/manage-application.html
@@ -121,7 +121,7 @@ Generate Access Token
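Review bot: In the second `auth/scopes.py` hunk, `re.split(' |,', scopes)` splits on every single space or comma, so an input like `a, b` (comma followed by a space) or one with a doubled or trailing space yields an empty token, and `ALL_SCOPES.get('', None)` then puts `None` in the returned set. Because this set decides what an OAuth token is allowed to do, the parse should tolerate delimiter runs while still failing closed on unknown names: `return {ALL_SCOPES.get(scope, None) for scope in re.split(r'[ ,]+', scopes.strip(' ,'))}` does that and still maps an empty input to `{None}` as the code does today. How `None` is treated is decided in `validate_scope_string`, whose body is outside this hunk, so that is worth confirming, together with a test covering `a b`, `a,b` and `a, b`.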