auth_oidc: compare token_type case insensitively (fixes #32281)
This commit is contained in:
parent
532e5b2066
commit
05d68af54e
|
@ -166,8 +166,11 @@ class LoginCallback(View):
|
|||
'request_id': request.request_id,
|
||||
})
|
||||
return self.continue_to_next_url()
|
||||
if ('access_token' not in result or 'token_type' not in result or
|
||||
result['token_type'] != 'Bearer' or 'id_token' not in result):
|
||||
# token_type is case insensitive, https://tools.ietf.org/html/rfc6749#section-4.2.2
|
||||
if ('access_token' not in result
|
||||
or 'token_type' not in result
|
||||
or result['token_type'].lower() != 'bearer'
|
||||
or 'id_token' not in result):
|
||||
logger.warning(u'auth_oidc: invalid token endpoint response from %s: %r' % (
|
||||
provider.token_endpoint, result))
|
||||
messages.warning(request, _('Provider %(name)s is down, report %(request_id)s to '
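Review bot: The new clause `result['token_type'].lower() != 'bearer'` assumes the value is a string; `result` is the decoded token endpoint response (see the warning two lines below), so a provider that returns `null` or a number for `token_type` would raise AttributeError here instead of landing on the `logger.warning`/`messages.warning` branch the rest of the condition is written for. Checking the type before lowering keeps a malformed response on the graceful path, e.g. `or not isinstance(result['token_type'], str)` inserted ahead of the `.lower()` clause (if this code still runs under Python 2, as the `u''` literal suggests, the unicode type would need to be included too). The comment's RFC pointer (§4.2.2) is the implicit-grant response; for a token endpoint response the same case-insensitivity rule is stated in RFC 6749 §5.1, which is the more direct citation. The LoginCallback method body continues outside this hunk.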
|
||||
|
|
|
@ -4,6 +4,7 @@ import os
|
|||
import pytest
|
||||
import json
|
||||
import time
|
||||
import random
|
||||
|
||||
from jwcrypto.jwk import JWKSet, JWK
|
||||
from jwcrypto.jwt import JWT
|
||||
|
@ -199,7 +200,8 @@ def oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token
|
|||
|
||||
content = {
|
||||
'access_token': '1234',
|
||||
'token_type': 'Bearer',
|
||||
# check token_type is case insensitive
|
||||
'token_type': random.choice(['B', 'b']) + 'earer',
|
||||
'id_token': jwt.serialize(),
|
||||
}
|
||||
return {
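Review bot: `random.choice(['B', 'b']) + 'earer'` on the new `token_type` line makes the regression coverage probabilistic: if an exact `'Bearer'` comparison were reintroduced, the test would fail on only about half of the runs and could pass CI. Since `'Bearer'` is the spelling the old code already accepted, a fixed `'token_type': 'bearer',` exercises the case-insensitive path on every run; to cover both spellings deterministically, parametrize the fixture or the test over `['Bearer', 'bearer']` instead of drawing at random. That would also make the `import random` added in the previous hunk unnecessary. oidc_provider_mock begins before this hunk.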
|
||||
|
|