paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

auth-node: Refresh handler not returning persisted scope in response

Browse Source 
The refresh handler is returning an empty scope if scope was previously
saved in a cookie. The session is successfully refreshed but the client
receives a response without the scope it requested, prompting a new
login.

Resolves #20322

Signed-off-by: Adam Kunicki <kunickiaj@gmail.com>
This commit is contained in:
Adam Kunicki
2023-10-04 10:14:02 -07:00
parent b74f157839
commit 8b8b1d23ae
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/stale-stingrays-explode.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-node': patch
---
Fixed cookie persisted scope not returned in OAuth refresh handler response.
plugins/auth-node/src/oauth/createOAuthRouteHandlers.ts
+3 -1
View File
@@ -320,7 +320,9 @@ export function createOAuthRouteHandlers<TProfile>(
providerInfo: {
idToken: result.session.idToken,
accessToken: result.session.accessToken,
scope: result.session.scope,
scope: authenticator.shouldPersistScopes
? scope
: result.session.scope,
expiresInSeconds: result.session.expiresInSeconds,
},
};