Parse multiple roles as string

dutow · dutow · commit 3bae7868d7f7 · 2025-10-24T12:08:04.000+02:00
Even if the access token contains a string for the scopes or scp claims,
and not an array, it might still contain multiple scopes separated by
spaces.

This was not handled by the current code.

This commit splits strings like this into multiple scopes to handle the
situation properly.
diff --git a/src/jwk.cpp b/src/jwk.cpp
@@ -201,7 +201,9 @@ scopes_t parse_jwt_scopes(const picojson::value& jsonScopes) {
     return {scope_range.begin(), scope_range.end()};
   }
   if (jsonScopes.is<std::string>()) {
-    return {jsonScopes.get<std::string>()};
+    auto scope_range = jsonScopes.get<std::string>() | std::views::split(' ') |
+                       std::views::transform([](auto r) { return std::string(r.data(), r.size()); });
+    return {scope_range.begin(), scope_range.end()};
   }
 
   return {};

Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,9 @@ scopes_t parse_jwt_scopes(const picojson::value& jsonScopes) {`
`201`	`201`	`return {scope_range.begin(), scope_range.end()};`
`202`	`202`	`}`
`203`	`203`	`if (jsonScopes.is<std::string>()) {`
`204`		`- return {jsonScopes.get<std::string>()};`
	`204`	`+ auto scope_range = jsonScopes.get<std::string>() \| std::views::split(' ') \|`
	`205`	`+ std::views::transform([](auto r) { return std::string(r.data(), r.size()); });`
	`206`	`+ return {scope_range.begin(), scope_range.end()};`
`205`	`207`	`}`
`206`	`208`
`207`	`209`	`return {};`