client Scope validation
royepel opened this issue · comments
Hi,
Where do I need to validate the scope requested (by the client) against the scope allowed for that specific client?
We can validate the scope after getting the `AuthInfo` instance.
I think we have two solutions.
1. In `DataHandler#findAuthInfoByAccessToken`

The `DataHandler#findAuthInfoByAccessToken` method needs to return an `AuthInfo`, so you can validate after getting the `AuthInfo`.
You need to pass a scope parameter to your `DataHandler` instance from the HTTP request parameter.
2. After the `ProtectedResource#authorize` method (play2-oauth2-provider)

We can directly use the `ProtectedResource` instance (`protectedResource`) on `OAuth2Provider`. You need to handle the exception like below.

```scala
import scala.concurrent.Future
import scalaoauth2.provider.InvalidScope
// flatMap on a Future needs an implicit ExecutionContext in scope (e.g. Play's).

// `scope` is the scope this endpoint requires, taken from the request parameters;
// it must have the same type as `authInfo.scope` (an Option[String] in the library).
val f = protectedResource.handleRequest(request, new YourDataHandler()).flatMap {
  case Left(e) => throw e
  case Right(authInfo) =>
    if (authInfo.scope != scope) {
      throw new InvalidScope()
    } else {
      // the branch must yield a Future for flatMap to type-check
      Future.successful(authInfo)
    }
}
```
In both cases, you should throw an `InvalidScope` exception if the scope is invalid.
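The two checks described in this answer, as an added example that is not code from the scala-oauth2-provider project: a per-client allow-list applied when the scope is requested (the `DataHandler` side) and a coverage check of the token's granted scope against what an endpoint requires (the `ProtectedResource` side). The `AuthInfo` and `InvalidScope` definitions here are local stand-ins for the library's types so the snippet compiles on its own, and the `allowedScopesByClient` map and client ids are constructed for illustration.

```scala
// Added example (not from the scala-oauth2-provider project): scope validation on
// both sides, using local stand-ins for the library's AuthInfo and InvalidScope.

// Stand-in for scalaoauth2.provider.AuthInfo: scope is the scope granted to the token.
final case class AuthInfo[U](user: U, clientId: Option[String], scope: Option[String])

// Stand-in for scalaoauth2.provider.InvalidScope.
final class InvalidScope(description: String) extends Exception(description)

object ScopeValidation {
  // Hypothetical per-client allow-list; a real DataHandler would load this from client storage.
  val allowedScopesByClient: Map[String, Set[String]] = Map(
    "web-app"    -> Set("read", "write", "profile"),
    "report-bot" -> Set("read")
  )

  // RFC 6749 section 3.3: scope is a space-delimited, case-sensitive list of tokens.
  def parseScope(raw: Option[String]): Set[String] =
    raw.map(_.trim.split("\\s+").toSet).getOrElse(Set.empty[String]).filter(_.nonEmpty)

  // Issuing side (DataHandler): reject any requested scope the client is not allowed.
  // Returns the accepted scope set, or InvalidScope naming the denied tokens.
  def checkRequestedScope(clientId: String, requested: Option[String]): Either[InvalidScope, Set[String]] = {
    val allowed = allowedScopesByClient.getOrElse(clientId, Set.empty[String])
    val wanted  = parseScope(requested)
    val denied  = wanted.diff(allowed)
    if (wanted.isEmpty) Left(new InvalidScope("scope parameter is required"))
    else if (denied.nonEmpty)
      Left(new InvalidScope(s"scope not allowed for client $clientId: ${denied.toSeq.sorted.mkString(" ")}"))
    else Right(wanted)
  }

  // Resource side (after ProtectedResource#handleRequest): the token's granted scope
  // must cover every scope the endpoint requires; a token with no scope covers nothing.
  def checkGrantedScope[U](authInfo: AuthInfo[U], required: Set[String]): Either[InvalidScope, AuthInfo[U]] = {
    val granted = parseScope(authInfo.scope)
    val missing = required.diff(granted)
    if (missing.isEmpty) Right(authInfo)
    else Left(new InvalidScope(s"token lacks required scope: ${missing.toSeq.sorted.mkString(" ")}"))
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs: one allowed request, one asking for more than the client may have.
    println(checkRequestedScope("web-app", Some("read write")))
    println(checkRequestedScope("report-bot", Some("read write")))

    // Constructed token granted only "read", checked against two endpoints' requirements.
    val token = AuthInfo(user = "alice", clientId = Some("web-app"), scope = Some("read"))
    println(checkGrantedScope(token, Set("read")))
    println(checkGrantedScope(token, Set("write")))
  }
}
```

Comparing sets rather than raw strings is what makes the check robust: `"read write"` and `"write read"` grant the same thing, and a token whose scope is narrower than the endpoint's requirement is rejected even if it shares some tokens with it. In the library itself the `Left` value would be the `InvalidScope` error returned through `handleRequest`, which play2-oauth2-provider then renders as the OAuth error response.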
Thank you for your quick answer.