Skip to content

Commit

Permalink
Merge pull request PelicanPlatform#1800 from brianaydemir/issue-1494
Browse files Browse the repository at this point in the history 
Escape user and group names in issued tokens (PelicanPlatform#1494)
  • Loading branch information
@brianaydemir
brianaydemir authored Dec 16, 2024
2 parents d4464da + bc2f2b2 commit 18b5ba4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions oa4mp/resources/policies.qdl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,12 @@ scopes := {};
while [has_value(key, group_list.)]
[
group_scopes := { {{- range $idx, $action := .Actions }}{{- if eq $idx 0 -}}'{{- $action -}}:'{{else}}, '{{- $action -}}:'{{- end -}}{{ end -}} } + '{{- .Prefix -}}';
scopes := scopes \/ |^replace(~group_scopes, '$GROUP', key);
scopes := scopes \/ |^replace(~group_scopes, '$GROUP', encode(key, 1)); /* 1 = URL-encode (RFC 3986) */
];
{{- end }}
{{ range .UserAuthzTemplates }}
user_scopes := { {{- range $idx, $action := .Actions }}{{- if eq $idx 0 -}}'{{- $action -}}:'{{else}}, '{{- $action -}}:'{{- end -}}{{ end -}} } + '{{- .Prefix -}}';
scopes := scopes \/ |^replace(~user_scopes, '$USER', claims.'sub');
scopes := scopes \/ |^replace(~user_scopes, '$USER', encode(claims.'sub', 1)); /* 1 = URL-encode (RFC 3986) */
{{ end }}
access_token.'scope' := detokenize(scopes, ' ', 2);

Expand Down

0 comments on commit 18b5ba4

Please sign in to comment.