objective categorical abstract machine language personal data server

Correctly construct aud for scope verification

(different from aud for jwt)

futur.blue 8339d18d dde0a7d2

verified
+4 -3
pegasus/lib/xrpc.ml
··· 209 | None -> 210 Errors.invalid_request "invalid proxy header" 211 in 212 - let aud = Option.value aud ~default:(service_did ^ "#" ^ service_type) in 213 let lxm = Option.value lxm ~default:nsid in 214 - Auth.assert_rpc_scope ctx.auth ~aud ~lxm ; 215 - let fragment = "#" ^ service_type in 216 match%lwt Id_resolver.Did.resolve service_did with 217 | Ok did_doc -> ( 218 let scheme, host =
··· 209 | None -> 210 Errors.invalid_request "invalid proxy header" 211 in 212 + let fragment = "#" ^ service_type in 213 + let aud = Option.value aud ~default:service_did in 214 let lxm = Option.value lxm ~default:nsid in 215 + let rpc_aud = aud ^ fragment in 216 + Auth.assert_rpc_scope ctx.auth ~aud:rpc_aud ~lxm ; 217 match%lwt Id_resolver.Did.resolve service_did with 218 | Ok did_doc -> ( 219 let scheme, host =
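Review bot: at `let rpc_aud = aud ^ fragment`, the fragment is now appended to a caller-supplied `aud` as well, whereas the removed code only built `service_did ^ "#" ^ service_type` as the default and passed an explicit `aud` to `Auth.assert_rpc_scope` unchanged. If any caller passes an `aud` that already carries a `#` fragment, the scope check will run against a doubled fragment and never match. Either document on the optional `aud` that it must be the bare DID, or append `fragment` only when `aud` does not already contain `#`. A one-line comment next to `aud` and `rpc_aud` saying which one is the JWT audience and which one is the scope-check audience would also help, since that distinction currently lives only in the commit message.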