From cf02433d6678f6c9b5e59d07a07818f172b84a80 Mon Sep 17 00:00:00 2001
From: Lance Rushing
Date: Tue, 20 Oct 2020 14:19:14 -0700
Subject: [PATCH 1/2] Add scope to token refresh request. Closes #447
---
 oauth2.go | 10 ++++++++--
 oauth2_test.go | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/oauth2.go b/oauth2.go
index 291df5c83..8ae29152c 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -267,10 +267,16 @@ func (tf *tokenRefresher) Token() (*Token, error) {
 return nil, errors.New("oauth2: token expired and refresh token is not set")
 }
- tk, err := retrieveToken(tf.ctx, tf.conf, url.Values{
+
+ v := url.Values{
 "grant_type": {"refresh_token"},
 "refresh_token": {tf.refreshToken},
- })
+ }
+ if len(tf.conf.Scopes) > 0 {
+ v.Set("scope", strings.Join(tf.conf.Scopes, " "))
+ }
+
+ tk, err := retrieveToken(tf.ctx, tf.conf, v)
 if err != nil {
 return nil, err
diff --git a/oauth2_test.go b/oauth2_test.go
index b7975e166..c278f93cd 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -440,7 +440,7 @@ func TestTokenRefreshRequest(t *testing.T) {
 t.Errorf("Unexpected Content-Type header %q", headerContentType)
 }
 body, _ := ioutil.ReadAll(r.Body)
- if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {
+ if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN&scope=scope1+scope2" {
 t.Errorf("Unexpected refresh token payload %q", body)
 }
 w.Header().Set("Content-Type", "application/json")
From fa2a6745601368bbe2abefd6236fa71cbcff4095 Mon Sep 17 00:00:00 2001
From: Lance Rushing
Date: Fri, 23 Oct 2020 10:23:32 -0700
Subject: [PATCH 2/2] Add scope to Exchange request See https://tools.ietf.org/html/rfc6749#section-4.1.1
---
 oauth2.go | 3 +++
 oauth2_test.go | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/oauth2.go b/oauth2.go
index 8ae29152c..78ffde907 100644
--- a/oauth2.go
+++ b/oauth2.go
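Review bot: The `scope` value added to the refresh request in `tokenRefresher.Token` is taken from `tf.conf.Scopes`, which is the set the client is configured to ask for, not the set that was actually granted with this refresh token. RFC 6749 section 6 requires that a refresh `scope` not include anything outside the original grant and treats an omitted `scope` as "same as originally granted", so a user who consented to fewer scopes, or a refresh token issued under a different scope list, can now receive `invalid_scope` where the previous request succeeded. Because this changes the wire request for every existing caller, I would keep omission as the default and make sending it an explicit choice, and at minimum add a comment such as `// configured scopes, not the granted set; a server may reject values beyond the original grant (RFC 6749 §6)`. The body of Token starts and continues outside the hunk.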
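Review bot: The updated expectation in `TestTokenRefreshRequest` pins only the case where the config carries scopes; nothing in this hunk exercises the `len(tf.conf.Scopes) > 0` guard with an empty list, where the body should remain `grant_type=refresh_token&refresh_token=REFRESH_TOKEN`. The same gap applies to the three `TestExchangeRequest*` expectations changed in patch 2/2. A small case with `Scopes` left empty would keep the no-scope request from regressing silently, though tests outside these hunks may already cover it.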
@@ -218,6 +218,9 @@ func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOpti
 if c.RedirectURL != "" {
 v.Set("redirect_uri", c.RedirectURL)
 }
+ if len(c.Scopes) > 0 {
+ v.Set("scope", strings.Join(c.Scopes, " "))
+ }
 for _, opt := range opts {
 opt.setValue(v)
 }
diff --git a/oauth2_test.go b/oauth2_test.go
index c278f93cd..41be846eb 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -110,7 +110,7 @@ func TestExchangeRequest(t *testing.T) {
 if err != nil {
 t.Errorf("Failed reading request body: %s.", err)
 }
- if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+ if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL&scope=scope1+scope2" {
 t.Errorf("Unexpected exchange payload; got %q", body)
 }
 w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
@@ -154,7 +154,7 @@ func TestExchangeRequest_CustomParam(t *testing.T) {
 if err != nil {
 t.Errorf("Failed reading request body: %s.", err)
 }
- if string(body) != "code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+ if string(body) != "code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL&scope=scope1+scope2" {
 t.Errorf("Unexpected exchange payload, %v is found.", string(body))
 }
 w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
@@ -200,7 +200,7 @@ func TestExchangeRequest_JSONResponse(t *testing.T) {
 if err != nil {
 t.Errorf("Failed reading request body: %s.", err)
 }
- if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+ if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL&scope=scope1+scope2" {
 t.Errorf("Unexpected exchange payload, %v is found.", string(body))
 }
 w.Header().Set("Content-Type", "application/json")
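Review bot: The new `v.Set("scope", ...)` in `Exchange` adds a parameter that the RFC section cited in the commit message does not define for this request: section 4.1.1 describes the authorization request, while `Exchange` builds the access token request of section 4.1.3, which lists `grant_type`, `code`, `redirect_uri` and `client_id` only. The scope of an authorization-code grant is fixed when the code is issued, so a compliant server should ignore the extra field, and one that does interpret it receives the configured list rather than what the user consented to. Since the `opts` loop directly below already lets a caller add the parameter with `SetAuthURLParam("scope", ...)`, I would leave the default token request unchanged and document that route for providers that need it, or at least mark the new lines with `// non-standard: some providers expect scope on the token request`. Exchange starts and ends outside the hunk.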