ory / fosite

86%

master: 71%

LAST BUILD ON BRANCH v0.27.1

branch: v0.27.1

CHANGE BRANCH

x

Reset

• v0.27.1
• add-acr
• add-basic-ss
• add-jwt-auth
• add-licenses
• add-pkce
• aud
• aud-2
• banner
• close-144
• close-194
• closes-150
• closes-180
• closes-1801
• compose-expose
• contributing
• contributing-01-20-20-10-13-24
• contributing-01-20-20-10-24-59
• contributing-02-02-20-22-55-43
• contributing-03-18-20-19-08-24
• contributing-04-04-20-12-02-41
• contributing-04-04-20-15-45-22
• contributing-04-05-20-09-45-31
• contributing-04-12-20-10-41-32
• contributing-04-13-20-09-21-56
• contributing-04-16-20-19-31-31
• contributing-05-12-20-10-00-36
• contributing-05-15-19-12-38-49
• contributing-05-15-19-13-05-24
• contributing-05-23-19-11-57-12
• contributing-05-23-19-12-07-08
• contributing-05-23-19-12-10-52
• contributing-07-23-19-11-28-47
• contributing-07-23-19-11-35-28
• contributing-08-05-19-18-31-41
• contributing-08-10-19-00-48-22
• contributing-08-10-19-00-52-57
• contributing-08-11-19-13-19-43
• contributing-08-19-19-19-01-07
• contributing-10-15-18-20-32-24
• contributing-10-15-18-20-34-07
• contributing-10-15-18-20-36-17
• contributing-10-17-18-14-50-41
• cryptopasta
• fix-181
• fix-182
• fix-188
• fix-194
• fix-209
• fix-214
• fix-225
• fix-386
• fix-aud
• fix-auth-time
• fix-clone
• fix-code
• fix-codes
• fix-cs
• fix-err
• fix-error
• fix-error-response-type
• fix-errors
• fix-hybrid
• fix-id-token-hint-expired
• fix-id-token-issues
• fix-idt-exp
• fix-introspect
• fix-introspection
• fix-jwt-extra
• fix-logrus
• fix-nonce
• fix-offline
• fix-pkce
• fix-public-none
• fix-refresh
• fix-response-type
• fix-scope-docs
• fix-scope-strategy
• fix-scopes
• fix-storage
• fix-tests
• fix-timing-maxage
• fix-uq-aud
• fix-ut
• improve-debug
• improve-error
• improve-oidc
• improve-oidc-checks
• improve-oidc-conformity
• improve-oidc-verify
• improve-prompt-age
• improve-tokenauthmessage
• introspect-token-type
• key-rotation
• master
• next-release
• oidc-conformity
• pkce
• re-export-converter
• redir-up
• redirect-secure-modify
• refresh-exp
• regression-150
• remove-details
• remove-jose
• revoke-tokens-2nd
• revoke-tokens-2nd-2
• rfc-errors
• rotate-hmac-key
• timing
• to-dep
• utc-everywhere
• v0.10.0
• v0.11.0
• v0.11.1
• v0.11.2
• v0.11.3
• v0.11.4
• v0.12.0
• v0.13.0
• v0.13.1
• v0.14.0
• v0.14.1
• v0.14.2
• v0.15.0
• v0.15.1
• v0.15.2
• v0.15.3
• v0.15.4
• v0.15.5
• v0.15.6
• v0.16.0
• v0.16.1
• v0.16.2
• v0.16.3
• v0.16.4
• v0.16.5
• v0.17.0
• v0.17.1
• v0.17.2
• v0.18.0
• v0.18.1
• v0.19.0
• v0.19.1
• v0.19.2
• v0.19.3
• v0.19.4
• v0.19.5
• v0.19.6
• v0.19.7
• v0.19.8
• v0.20.0
• v0.20.1
• v0.20.2
• v0.20.3
• v0.21.0
• v0.21.1
• v0.21.2
• v0.21.3
• v0.21.4
• v0.22.0
• v0.23.0
• v0.24.0
• v0.25.0
• v0.25.1
• v0.26.0
• v0.26.1
• v0.27.0
• v0.27.2
• v0.27.3
• v0.27.4
• v0.28.0
• v0.28.1
• v0.29.0
• v0.29.1
• v0.29.2
• v0.29.3
• v0.29.4
• v0.29.5
• v0.29.6
• v0.29.7
• v0.29.8
• v0.30.0
• v0.30.1
• v0.30.2
• v0.30.3
• v0.30.4
• v0.30.5
• v0.30.6
• v0.31.0
• v0.31.1
• v0.31.2
• v0.31.3
• v0.32.0
• v0.32.1
• v0.32.2
• v0.6.17
• v0.6.18
• v0.6.19
• v0.7.0
• v0.8.0
• v0.9.0
• v0.9.1
• v0.9.2
• v0.9.3
• v0.9.4
• v0.9.5
• v0.9.6
• v0.9.7
• write-debug

Build # 1254

Build Type

push

travis-ci

Committed by web-flow

Commit Message

oauth2: Improve refresh security and reliability (#332)

This patch resolves several issues regarding the refresh flow. First,
an issue has been resolved which caused the audience to not be
set in the refreshed access tokens.

Second, scope and audience are validated against the client's
whitelisted values and if the values are no longer allowed,
the grant is canceled.

Closes #331
Closes #325
Closes #324

Run Details

2831 of 3311 relevant lines covered (85.5%)

106.5 hits per line