fix: account claims scope argument type during refresh token exchange

fixes #1000
panva · May 13, 2021 · bd1bee1 · bd1bee1
1 parent 19c59d9
commit bd1bee1
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/lib/actions/grants/refresh_token.js b/lib/actions/grants/refresh_token.js
@@ -212,7 +212,7 @@ module.exports.handler = async function refreshTokenHandler(ctx, next) {
     const claims = filterClaims(refreshToken.claims, 'id_token', grant);
     const rejected = grant.getRejectedOIDCClaims();
     const token = new IdToken(({
-      ...await account.claims('id_token', scope, claims, rejected),
+      ...await account.claims('id_token', [...scope].join(' '), claims, rejected),
       acr: refreshToken.acr,
       amr: refreshToken.amr,
       auth_time: refreshToken.authTime,

diff --git a/test/models.js b/test/models.js
@@ -1,5 +1,7 @@
 /* eslint-disable max-classes-per-file */
 
+const { strict: assert } = require('assert');
+
 const map = new Map();
 
 map.del = function (...args) {
@@ -69,7 +71,12 @@ class Account {
     return testStorage;
   }
 
-  claims() {
+  claims(use, scope, claims, rejected) {
+    assert.equal(typeof use, 'string');
+    assert.equal(typeof scope, 'string');
+    assert.equal(typeof claims, 'object');
+    assert.ok(Array.isArray(rejected));
+
     return {
       address: {
         country: '000',
@@ -101,10 +108,12 @@ class Account {
     };
   }
 
-  static async findAccount(ctx, id) {
-    let acc = testStorage.get(`Account:${id}`);
+  // eslint-disable-next-line no-unused-vars
+  static async findAccount(ctx, sub, token) {
+    assert.equal(typeof sub, 'string');
+    let acc = testStorage.get(`Account:${sub}`);
     if (!acc) {
-      acc = new Account(id);
+      acc = new Account(sub);
     }
     return acc;
   }