diff options
Diffstat (limited to 'internal/api/auth/authorize.go')
| -rw-r--r-- | internal/api/auth/authorize.go | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/internal/api/auth/authorize.go b/internal/api/auth/authorize.go index 3676fd417..5b3e6ea3c 100644 --- a/internal/api/auth/authorize.go +++ b/internal/api/auth/authorize.go @@ -20,6 +20,7 @@ package auth import ( "net/http" "net/url" + "strings" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" @@ -229,8 +230,8 @@ func (m *Module) AuthorizePOSTHandler(c *gin.Context) { } // redirectAuthFormToSignIn binds an OAuthAuthorize form, -// stores the values in the form into the session, and -// redirects the user to the sign in page. +// presumed to be set as url query params, stores the values +// into the session, and redirects the user to the sign in page. func (m *Module) redirectAuthFormToSignIn(c *gin.Context) { s := sessions.Default(c) @@ -240,9 +241,14 @@ func (m *Module) redirectAuthFormToSignIn(c *gin.Context) { return } - // Set default scope to read. + // If scope isn't set default to read. + // + // Else massage submitted scope(s) from + // '+'-separated to space-separated. if form.Scope == "" { form.Scope = "read" + } else { + form.Scope = strings.ReplaceAll(form.Scope, "+", " ") } // Save these values from the form so we |