From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 17 Feb 2020 09:59:35 +0000 (+0200)
Subject: auth: db-oauth - Match scopes split by spaces
X-Git-Tag: 2.3.11.2~589
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=296c1cbb2b90b8c7b23e51637fef77263db3141b;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth - Match scopes split by spaces

Allow the user in if there is at least one matching scope.
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 28bf03e0d4..046cb80f73 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -553,8 +553,11 @@ db_oauth2_token_in_scope(struct db_oauth2_request *req,
 			"oauth2: Token scope(s): %s",
 			value);
 		if (value != NULL) {
+			const char **wanted_scopes =
+				t_strsplit_spaces(req->db->set.scope, " ");
 			const char **scopes = t_strsplit_spaces(value, " ");
-			found = str_array_find(scopes, req->db->set.scope);
+			for (; !found && *wanted_scopes != NULL; wanted_scopes++)
+				found = str_array_find(scopes, *wanted_scopes);
 		}
 		if (!found) {
 			*error_r = t_strdup_printf("Token is not valid for scope '%s'",