@@ -228,26 +228,22 @@ check_token(Token, {ResourceServer, InternalOAuthProvider}) ->
228228 {false , _ } -> {refused , signature_invalid }
229229 end .
230230
231+ extract_scopes_from_scope_claim (Payload ) ->
232+ case maps :find (? SCOPE_JWT_FIELD , Payload ) of
233+ {ok , Bin } when is_binary (Bin ) ->
234+ maps :put (? SCOPE_JWT_FIELD ,
235+ binary :split (Bin , <<" " >>, [global , trim_all ]),
236+ Payload );
237+ _ -> Payload
238+ end .
239+
231240-spec normalize_token_scope (
232241 ResourceServer :: resource_server (), DecodedToken :: decoded_jwt_token ()) -> map ().
233242normalize_token_scope (ResourceServer , Payload ) ->
234- Payload0 = maps :map (fun (K , V ) ->
235- case K of
236- ? SCOPE_JWT_FIELD when is_binary (V ) ->
237- binary :split (V , <<" " >>, [global , trim_all ]);
238- _ -> V
239- end
240- end , Payload ),
241-
242- Payload1 = case has_additional_scopes_key (ResourceServer , Payload0 ) of
243- true -> extract_scopes_from_additional_scopes_key (ResourceServer , Payload0 );
244- false -> Payload0
245- end ,
246-
247- Payload2 = case ResourceServer # resource_server .scope_aliases of
248- undefined -> Payload1 ;
249- ScopeAliases -> extract_scopes_using_scope_aliases (ScopeAliases , Payload1 )
250- end ,
243+
244+ Payload2 = extract_scopes_using_scope_aliases (ResourceServer ,
245+ extract_scopes_from_additional_scopes_key (ResourceServer ,
246+ extract_scopes_from_scope_claim (Payload ))),
251247
252248 Payload3 = case has_rich_auth_request_scopes (Payload2 ) of
253249 true -> extract_scopes_from_rich_auth_request (ResourceServer , Payload2 );
@@ -260,35 +256,30 @@ normalize_token_scope(ResourceServer, Payload) ->
260256
261257
262258-spec extract_scopes_using_scope_aliases (
263- ScopeAliasMapping :: map (), Payload :: map ()) -> map ().
264- extract_scopes_using_scope_aliases (ScopeAliasMapping , Payload ) ->
265- Scopes0 = get_scope (Payload ),
266- Scopes = rabbit_data_coercion :to_list_of_binaries (Scopes0 ),
267- % % for all scopes, look them up in the scope alias map, and if they are
268- % % present, add the alias to the final scope list. Note that we also preserve
269- % % the original scopes, it should not hurt.
270- ExpandedScopes =
271- lists :foldl (fun (ScopeListItem , Acc ) ->
272- case maps :get (ScopeListItem , ScopeAliasMapping , undefined ) of
273- undefined ->
274- Acc ;
275- MappedList when is_list (MappedList ) ->
276- Binaries = rabbit_data_coercion :to_list_of_binaries (MappedList ),
277- Acc ++ Binaries ;
278- Value ->
279- Binaries = rabbit_data_coercion :to_list_of_binaries (Value ),
280- Acc ++ Binaries
281- end
282- end , Scopes , Scopes ),
283- set_scope (ExpandedScopes , Payload ).
284-
285- -spec has_additional_scopes_key (
286- ResourceServer :: resource_server (), Payload :: map ()) -> boolean ().
287- has_additional_scopes_key (ResourceServer , Payload ) when is_map (Payload ) ->
288- case ResourceServer # resource_server .additional_scopes_key of
289- undefined -> false ;
290- _ -> true
291- end .
259+ ResourceServer :: resource_server (), Payload :: map ()) -> map ().
260+ extract_scopes_using_scope_aliases (
261+ # resource_server {scope_aliases = ScopeAliasMapping } = ResourceServer , Payload )
262+ when is_map (ScopeAliasMapping ) ->
263+ Scopes0 = get_scope (Payload ),
264+ Scopes = rabbit_data_coercion :to_list_of_binaries (Scopes0 ),
265+ % % for all scopes, look them up in the scope alias map, and if they are
266+ % % present, add the alias to the final scope list. Note that we also preserve
267+ % % the original scopes, it should not hurt.
268+ ExpandedScopes =
269+ lists :foldl (fun (ScopeListItem , Acc ) ->
270+ case maps :get (ScopeListItem , ScopeAliasMapping , undefined ) of
271+ undefined ->
272+ Acc ;
273+ MappedList when is_list (MappedList ) ->
274+ Binaries = rabbit_data_coercion :to_list_of_binaries (MappedList ),
275+ Acc ++ Binaries ;
276+ Value ->
277+ Binaries = rabbit_data_coercion :to_list_of_binaries (Value ),
278+ Acc ++ Binaries
279+ end
280+ end , Scopes , Scopes ),
281+ set_scope (ExpandedScopes , Payload );
282+ extract_scopes_using_scope_aliases (_ , Payload ) -> Payload .
292283
293284% % Path is a binary expression which is a plain word like <<"roles">>
294285% % or +1 word separated by . like <<"authorization.permissions.scopes">>
@@ -361,22 +352,23 @@ extract_token_value_from_list(R, [_ | T], Acc, KeyList, Mapper) ->
361352 extract_token_value_from_list (R , T , Acc , KeyList , Mapper ).
362353
363354
364- % split_path(Path) when is_list(Path) ->
365- % string:tokens(Path, ".");
366355split_path (Path ) when is_binary (Path ) ->
367356 binary :split (Path , <<" ." >>, [global , trim_all ]).
368357
369358
370359-spec extract_scopes_from_additional_scopes_key (
371360 ResourceServer :: resource_server (), Payload :: map ()) -> map ().
372- extract_scopes_from_additional_scopes_key (ResourceServer , Payload ) ->
373- Paths = case ResourceServer # resource_server .additional_scopes_key of
361+ extract_scopes_from_additional_scopes_key (
362+ # resource_server {additional_scopes_key = Key } = ResourceServer , Payload )
363+ when is_list (Key ) or is_binary (Key ) ->
364+ Paths = case Key of
374365 B when is_binary (B ) -> binary :split (B , <<" " >>, [global , trim_all ]);
375366 L when is_list (L ) -> L
376367 end ,
377368 AdditionalScopes = [ extract_token_value (ResourceServer ,
378369 Payload , Path , fun extract_scope_list_from_token_value /2 ) || Path <- Paths ],
379- set_scope (lists :flatten (AdditionalScopes ) ++ get_scope (Payload ), Payload ).
370+ set_scope (lists :flatten (AdditionalScopes ) ++ get_scope (Payload ), Payload );
371+ extract_scopes_from_additional_scopes_key (_ , Payload ) -> Payload .
380372
381373extract_additional_scopes (ResourceServer , ComplexClaim ) ->
382374 ResourceServerId = ResourceServer # resource_server .id ,
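Review bot: The new fallback clauses `extract_scopes_using_scope_aliases(_, Payload) -> Payload.` and `extract_scopes_from_additional_scopes_key(_, Payload) -> Payload.` match any value, so a `scope_aliases` that is not a map, or an `additional_scopes_key` that is neither a list nor a binary, is now skipped silently. The code removed from `normalize_token_scope` skipped only `undefined` and would have crashed on anything else. The token then presumably just carries fewer scopes, which fails closed, but a malformed setting becomes hard to notice. Matching the unset case explicitly, e.g. `extract_scopes_using_scope_aliases(#resource_server{scope_aliases = undefined}, Payload) -> Payload.`, keeps that distinction. Separately, in the first alias clause `= ResourceServer` binds a variable the body never uses, which the compiler will warn about; drop the binding or name it `_ResourceServer`.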