ory / fosite

86%

master: 71%

LAST BUILD ON BRANCH fix-refresh

branch: fix-refresh

CHANGE BRANCH

x

Reset

• fix-refresh
• add-acr
• add-basic-ss
• add-jwt-auth
• add-licenses
• add-pkce
• aud
• aud-2
• banner
• close-144
• close-194
• closes-150
• closes-180
• closes-1801
• compose-expose
• contributing
• contributing-01-20-20-10-13-24
• contributing-01-20-20-10-24-59
• contributing-02-02-20-22-55-43
• contributing-03-18-20-19-08-24
• contributing-04-04-20-12-02-41
• contributing-04-04-20-15-45-22
• contributing-04-05-20-09-45-31
• contributing-04-12-20-10-41-32
• contributing-04-13-20-09-21-56
• contributing-04-16-20-19-31-31
• contributing-05-12-20-10-00-36
• contributing-05-15-19-12-38-49
• contributing-05-15-19-13-05-24
• contributing-05-23-19-11-57-12
• contributing-05-23-19-12-07-08
• contributing-05-23-19-12-10-52
• contributing-07-23-19-11-28-47
• contributing-07-23-19-11-35-28
• contributing-08-05-19-18-31-41
• contributing-08-10-19-00-48-22
• contributing-08-10-19-00-52-57
• contributing-08-11-19-13-19-43
• contributing-08-19-19-19-01-07
• contributing-10-15-18-20-32-24
• contributing-10-15-18-20-34-07
• contributing-10-15-18-20-36-17
• contributing-10-17-18-14-50-41
• cryptopasta
• fix-181
• fix-182
• fix-188
• fix-194
• fix-209
• fix-214
• fix-225
• fix-386
• fix-aud
• fix-auth-time
• fix-clone
• fix-code
• fix-codes
• fix-cs
• fix-err
• fix-error
• fix-error-response-type
• fix-errors
• fix-hybrid
• fix-id-token-hint-expired
• fix-id-token-issues
• fix-idt-exp
• fix-introspect
• fix-introspection
• fix-jwt-extra
• fix-logrus
• fix-nonce
• fix-offline
• fix-pkce
• fix-public-none
• fix-response-type
• fix-scope-docs
• fix-scope-strategy
• fix-scopes
• fix-storage
• fix-tests
• fix-timing-maxage
• fix-uq-aud
• fix-ut
• improve-debug
• improve-error
• improve-oidc
• improve-oidc-checks
• improve-oidc-conformity
• improve-oidc-verify
• improve-prompt-age
• improve-tokenauthmessage
• introspect-token-type
• key-rotation
• master
• next-release
• oidc-conformity
• pkce
• re-export-converter
• redir-up
• redirect-secure-modify
• refresh-exp
• regression-150
• remove-details
• remove-jose
• revoke-tokens-2nd
• revoke-tokens-2nd-2
• rfc-errors
• rotate-hmac-key
• timing
• to-dep
• utc-everywhere
• v0.10.0
• v0.11.0
• v0.11.1
• v0.11.2
• v0.11.3
• v0.11.4
• v0.12.0
• v0.13.0
• v0.13.1
• v0.14.0
• v0.14.1
• v0.14.2
• v0.15.0
• v0.15.1
• v0.15.2
• v0.15.3
• v0.15.4
• v0.15.5
• v0.15.6
• v0.16.0
• v0.16.1
• v0.16.2
• v0.16.3
• v0.16.4
• v0.16.5
• v0.17.0
• v0.17.1
• v0.17.2
• v0.18.0
• v0.18.1
• v0.19.0
• v0.19.1
• v0.19.2
• v0.19.3
• v0.19.4
• v0.19.5
• v0.19.6
• v0.19.7
• v0.19.8
• v0.20.0
• v0.20.1
• v0.20.2
• v0.20.3
• v0.21.0
• v0.21.1
• v0.21.2
• v0.21.3
• v0.21.4
• v0.22.0
• v0.23.0
• v0.24.0
• v0.25.0
• v0.25.1
• v0.26.0
• v0.26.1
• v0.27.0
• v0.27.1
• v0.27.2
• v0.27.3
• v0.27.4
• v0.28.0
• v0.28.1
• v0.29.0
• v0.29.1
• v0.29.2
• v0.29.3
• v0.29.4
• v0.29.5
• v0.29.6
• v0.29.7
• v0.29.8
• v0.30.0
• v0.30.1
• v0.30.2
• v0.30.3
• v0.30.4
• v0.30.5
• v0.30.6
• v0.31.0
• v0.31.1
• v0.31.2
• v0.31.3
• v0.32.0
• v0.32.1
• v0.32.2
• v0.6.17
• v0.6.18
• v0.6.19
• v0.7.0
• v0.8.0
• v0.9.0
• v0.9.1
• v0.9.2
• v0.9.3
• v0.9.4
• v0.9.5
• v0.9.6
• v0.9.7
• write-debug

Build # 1251

Build Type

push

travis-ci

Committed by aeneasr

Commit Message

oauth2: Improve refresh security and reliability

This patch resolves several issues regarding the refresh flow. First,
an issue has been resolved which caused the audience to not be
set in the refreshed access tokens.

Second, scope and audience are validated against the client's
whitelisted values and if the values are no longer allowed,
the grant is canceled.

Closes #331
Closes #325
Closes #324

Run Details

2831 of 3311 relevant lines covered (85.5%)

210.48 hits per line