Add a function to resolve allowed scopes from rules (#2424)
parent
c30b452aa3
commit
5562d8b1dd
|
@ -1328,6 +1328,48 @@ sub getAttributesListFromClaim {
|
||||||
return $self->rpAttributes->{$rp}->{$claim};
|
return $self->rpAttributes->{$rp}->{$claim};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Return granted scopes for this request
|
||||||
|
# @param req current request
|
||||||
|
# @param req selected RP
|
||||||
|
# @param scope requested scope
|
||||||
|
sub getScope {
|
||||||
|
my ( $self, $req, $rp, $scope ) = @_;
|
||||||
|
|
||||||
|
my @scope_values = split( /\s+/, $scope );
|
||||||
|
|
||||||
|
# If this RP has dynamic scopes
|
||||||
|
if ( $self->spScopeRules->{$rp} ) {
|
||||||
|
|
||||||
|
# Add dynamic scopes
|
||||||
|
for my $dynamicScope ( keys %{ $self->spScopeRules->{$rp} } ) {
|
||||||
|
|
||||||
|
# Set a magic "$requested" variable that contains true if the
|
||||||
|
# scope was requested by the application
|
||||||
|
my $requested = grep { $_ eq $dynamicScope } @scope_values;
|
||||||
|
my $attributes = { %{ $req->userData }, requested => $requested };
|
||||||
|
|
||||||
|
# If scope is granted by the rule
|
||||||
|
if ( $self->spScopeRules->{$rp}->{$dynamicScope}
|
||||||
|
->( $req, $attributes ) )
|
||||||
|
{
|
||||||
|
# Add to list
|
||||||
|
unless ( grep { $_ eq $dynamicScope } @scope_values ) {
|
||||||
|
push @scope_values, $dynamicScope;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# Else make sure it is not granted
|
||||||
|
else {
|
||||||
|
@scope_values = grep { $_ ne $dynamicScope } @scope_values;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$self->p->processHook( $req, 'oidcResolveScope', \@scope_values, $rp );
|
||||||
|
return join( ' ', @scope_values );
|
||||||
|
}
|
||||||
|
|
||||||
# Return Hash of UserInfo data
|
# Return Hash of UserInfo data
|
||||||
# @param scope OIDC scope
|
# @param scope OIDC scope
|
||||||
# @param rp Internal Relying Party identifier
|
# @param rp Internal Relying Party identifier
|
||||||
|
|
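Review bot: Requested scope values that have no entry in `spScopeRules->{$rp}` pass through `getScope` untouched, so the returned string is the client's request plus rule-granted scopes minus rule-denied ones, not an allow-list; if callers treat it as the granted set, any unknown scope a client sends is kept unless it is filtered elsewhere (not visible in this hunk). State this in the header comment, e.g. `# Scopes without a rule are returned as requested; callers must still restrict them to what the RP may use`, or drop unruled values here if that is the intent. The return value of `processHook( $req, 'oidcResolveScope', \@scope_values, $rp )` is also discarded, so a hook that signals an error through its result cannot make scope resolution fail closed. The second header line should read `# @param rp selected RP` rather than repeating `req`.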