Merge branch 'hotfix/21.1.5'

CenterForOpenScience · Apr 15, 2021 · 83dca4f · 83dca4f
2 parents c44d73e + 1a58265
commit 83dca4f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+21.1.5 (04-14-2021)
+===================
+
+Fix invalid access type for OAuth /authorize
+
 21.1.4 (04-14-2021)
 ===================
 

diff --git a/...n/java/org/apereo/cas/support/oauth/web/endpoints/OAuth20AuthorizeEndpointController.java b/...n/java/org/apereo/cas/support/oauth/web/endpoints/OAuth20AuthorizeEndpointController.java
@@ -245,11 +245,14 @@ protected ModelAndView buildAuthorizationForRequest (
                 .map(String::valueOf)
                 .orElseGet(OAuth20GrantTypes.AUTHORIZATION_CODE::getType)
                 .toUpperCase();
-        val accessType = context
+        var accessType = context
                 .getRequestParameter(OsfCasOAuth20Constants.ACCESS_TYPE)
                 .map(String::valueOf)
-                .orElse(OsfCasOAuth20CodeType.ONLINE.name())
+                .orElse(StringUtils.EMPTY)
                 .toUpperCase();
+        if (!OsfCasOAuth20CodeType.OFFLINE.name().equalsIgnoreCase(accessType)) {
+            accessType = OsfCasOAuth20CodeType.ONLINE.name();
+        }
         val scopes = OAuth20Utils.parseRequestScopes(context);
         val codeChallenge = context
                 .getRequestParameter(OAuth20Constants.CODE_CHALLENGE)