
Commit 775b46d

Return scope='openid webid' in oidc WWW-Authenticate header response
1 parent 2b4bbe4 commit 775b46d


3 files changed

+7
-7
lines changed


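--- a/lib/api/authn/webid-oidc.js
+++ b/lib/api/authn/webid-oidc.js
@@ -80,7 +80,7 @@ function setAuthenticateHeader (req, res, err) {
 
 let errorParams = {
 realm: locals.host.serverUri,
-scope: 'openid',
+scope: 'openid webid',
 error: err.error,
 error_description: err.error_description,
 error_uri: err.error_uri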
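Review bot: The new `scope: 'openid webid'` literal in `errorParams` only changes what the challenge advertises; nothing in this hunk shows that the token-validation path requires or checks the `webid` scope, so the header and the actual enforcement could drift apart, which is worth confirming against the verifier code outside the hunk. The value would be easier to keep in sync if it lived in one named constant, e.g. `const REQUIRED_SCOPE = 'openid webid'`, with a comment such as `// Scope values a client must request; space-delimited per RFC 6750 section 3`. `setAuthenticateHeader` continues outside the hunk, so how `errorParams` is serialized into the header is not visible here.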

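--- a/test/integration/errors-oidc.js
+++ b/test/integration/errors-oidc.js
@@ -41,7 +41,7 @@ describe('OIDC error handling', function () {
 it('should return 401 Unauthorized with www-auth header', () => {
 return server.get('/profile/')
 .set('Accept', 'text/html')
-.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid"')
+.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid"')
 .expect(401)
 })
 
@@ -59,7 +59,7 @@ describe('OIDC error handling', function () {
 it('should return 401 Unauthorized with www-auth header', () => {
 return server.get('/profile/')
 .set('Accept', 'text/plain')
-.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid"')
+.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid"')
 .expect(401)
 })
 })
@@ -78,7 +78,7 @@ describe('OIDC error handling', function () {
 it('should return a 401 error', () => {
 return server.get('/profile/')
 .set('Authorization', 'Bearer abcd123')
-.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid", error="invalid_token", error_description="Access token is not a JWT"')
+.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is not a JWT"')
 .expect(401)
 })
 })
@@ -89,7 +89,7 @@ describe('OIDC error handling', function () {
 it('should return a 401 error', () => {
 return server.get('/profile/')
 .set('Authorization', 'Bearer ' + expiredToken)
-.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid", error="invalid_token", error_description="Access token is expired."')
+.expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is expired."')
 .expect(401)
 })
 })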
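Review bot: The four updated assertions here, and the two in test/unit/auth-handlers.js, only pin the advertised challenge string; none of the visible tests sends a token that lacks the `webid` scope, so the suite would still pass if the server advertised `openid webid` without enforcing it. If enforcement is intended, a negative case next to the `Bearer abcd123` test would cover it, though one may already exist outside the visible hunks. Matching the whole header by exact string also ties every test to parameter order; a shared constant for the expected scope, e.g. `const EXPECTED_SCOPE = 'openid webid'`, would reduce these six edits to one the next time the value changes.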

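--- a/test/unit/auth-handlers.js
+++ b/test/unit/auth-handlers.js
@@ -33,7 +33,7 @@ describe('OIDC Handler', () => {
 
 expect(res.set).to.be.calledWith(
 'WWW-Authenticate',
-'Bearer realm="https://example.com", scope="openid", error="invalid_token", error_description="Invalid token", error_uri="https://example.com/errors/token"'
+'Bearer realm="https://example.com", scope="openid webid", error="invalid_token", error_description="Invalid token", error_uri="https://example.com/errors/token"'
 )
 })
 
@@ -44,7 +44,7 @@ describe('OIDC Handler', () => {
 
 expect(res.set).to.be.calledWith(
 'WWW-Authenticate',
-'Bearer realm="https://example.com", scope="openid"'
+'Bearer realm="https://example.com", scope="openid webid"'
 )
 })
 })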
