Merge pull request #2231 from thanujalk/master

Fix SessionDataKeyConsent null issue
wso2-extensions · Oct 28, 2023 · a64fc95 · a64fc95
2 parents 9369b26 + 06852a8
commit a64fc95
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/...src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java b/...src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java
@@ -95,6 +95,7 @@ public List<String> validateScope(OAuthAuthzReqMessageContext authzReqMessageCon
         }
         List<String> authorizedScopes = getAuthorizedScopes(requestedScopes, authzReqMessageContext
                         .getAuthorizationReqDTO().getUser(), appId, null, tenantDomain);
+        handleInternalLoginScope(requestedScopes, authorizedScopes);
         removeRegisteredScopes(authzReqMessageContext);
         return authorizedScopes;
     }
@@ -129,7 +130,8 @@ public List<String> validateScope(OAuthTokenReqMessageContext tokenReqMessageCon
         List<String> authorizedScopes = getAuthorizedScopes(requestedScopes, tokenReqMessageContext
                         .getAuthorizedUser(), appId, grantType, tenantDomain);
         removeRegisteredScopes(tokenReqMessageContext);
-        if (OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) && authorizedScopes.contains(SYSTEM_SCOPE)) {
+        handleInternalLoginScope(requestedScopes, authorizedScopes);
+        if (OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType)) {
             authorizedScopes.remove(INTERNAL_LOGIN_SCOPE);
         }
         return authorizedScopes;
@@ -413,4 +415,18 @@ private String resolveOrgIdByTenantDomain(String tenantDomain) throws IdentityOA
         }
     }
 
+    /**
+     * This is to persist the previous behaviour with the "internal_login" scope.
+     *
+     * @param requestedScopes requested scopes.
+     * @param authorizedScopes authorized scopes.
+     */
+    private static void handleInternalLoginScope(List<String> requestedScopes, List<String> authorizedScopes) {
+
+        if ((requestedScopes.contains(SYSTEM_SCOPE) || requestedScopes.contains(INTERNAL_LOGIN_SCOPE))
+                && !authorizedScopes.contains(INTERNAL_LOGIN_SCOPE)) {
+            authorizedScopes.add(INTERNAL_LOGIN_SCOPE);
+        }
+    }
+
 }