Add a new guard clause to the oauth2 client credentials flow. by decko · Pull Request #1050 · pulp/pulp-cli

decko · 2024-08-26T23:43:30Z

mdellweg · 2024-08-27T15:05:56Z

+        if scope := " ".join(self.scopes):
+            data["scope"] = scope


This would be an actual change, but what is the issue we are solving here?

Some Idps doesn't require a scope parameter to issue a token. And since it's not required, maybe sending it as an empty value could cause an issue with the IdP itself.

"Maybe" is a bit vague. Can you find a place in rcf6749 being specific about this?

https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2

scope OPTIONAL. The scope of the access request as described by [Section 3.3](https://datatracker.ietf.org/doc/html/rfc6749#section-3.

This tells me it's optional. But is it allowed to send an empty string? If yes, does it convey a different semantic?

As we stated, if the scope is to be used, it must not be empty. https://datatracker.ietf.org/doc/html/rfc6749#section-3.3

According to the section 3.3 of RFC 6749 OAuth2 Access Token Scope, this is the notation that defines how the scope should be send to the IdentityProvider: `scope = scope-token *( SP scope-token )` Basically it should be omitted if it's empty.

github-actions Bot added the no-issue label Aug 26, 2024

decko force-pushed the oauth2_fixes branch 3 times, most recently from 73a5c0a to 64d63ae Compare August 27, 2024 14:34

mdellweg requested changes Aug 27, 2024

View reviewed changes

decko force-pushed the oauth2_fixes branch from 64d63ae to fcbfec4 Compare August 27, 2024 20:33

decko changed the title ~~Add new guard clauses to the oauth2 client credentials flow.~~ Add a new guard clause to the oauth2 client credentials flow. Aug 27, 2024

decko force-pushed the oauth2_fixes branch from fcbfec4 to 5a4b9fe Compare August 28, 2024 06:07

decko force-pushed the oauth2_fixes branch from 5a4b9fe to 95f703f Compare September 4, 2024 08:04

mdellweg previously approved these changes Sep 4, 2024

View reviewed changes

mdellweg enabled auto-merge (rebase) September 4, 2024 08:05

auto-merge was automatically disabled September 4, 2024 09:41
Head branch was pushed to by a user without write access

decko force-pushed the oauth2_fixes branch from 95f703f to 6b8ae76 Compare September 4, 2024 09:41

decko dismissed mdellweg’s stale review via 7a8f2e1 September 4, 2024 09:44

decko force-pushed the oauth2_fixes branch from 6b8ae76 to 7a8f2e1 Compare September 4, 2024 09:44

mdellweg approved these changes Sep 4, 2024

View reviewed changes

mdellweg merged commit 9459971 into pulp:main Sep 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a new guard clause to the oauth2 client credentials flow.#1050

Add a new guard clause to the oauth2 client credentials flow.#1050
mdellweg merged 1 commit into
pulp:mainfrom
decko:oauth2_fixes

decko commented Aug 26, 2024

Uh oh!

Uh oh!

Uh oh!

mdellweg Aug 27, 2024

Uh oh!

decko Aug 27, 2024

Uh oh!

mdellweg Aug 27, 2024

Uh oh!

decko Aug 28, 2024

Uh oh!

mdellweg Aug 29, 2024

Uh oh!

decko Sep 4, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

decko commented Aug 26, 2024

Uh oh!

Uh oh!

Uh oh!

mdellweg Aug 27, 2024

Choose a reason for hiding this comment

Uh oh!

decko Aug 27, 2024

Choose a reason for hiding this comment

Uh oh!

mdellweg Aug 27, 2024

Choose a reason for hiding this comment

Uh oh!

decko Aug 28, 2024

Choose a reason for hiding this comment

Uh oh!

mdellweg Aug 29, 2024

Choose a reason for hiding this comment

Uh oh!

decko Sep 4, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

decko Sep 4, 2024 •

edited

Loading