Merge pull request #6112 from mozilla/train-110

Uplift train-110 to master

CHANGELOG.md

@@ -1,3 +1,13 @@
+<a name="1.110.2"></a>
+## 1.110.2 (2018-04-25)
+
+
+### Bug Fixes
+
+* **permissions:** Allow untrusted reliers to request 'openid' scope. (#6111) r=@vladikoff ([5b259ad](https://github.com/mozilla/fxa-content-server/commit/5b259ad))
+
+
+
 <a name="1.110.1"></a>
 ## 1.110.1 (2018-04-20)
 

app/scripts/lib/constants.js

@@ -66,6 +66,7 @@ module.exports = {
   // We only grant permissions that our UI currently prompts for. Others
   // will be stripped.
   OAUTH_UNTRUSTED_ALLOWED_PERMISSIONS: [
+    'openid',
     'profile:display_name',
     'profile:email',
     'profile:uid'

app/tests/spec/models/reliers/oauth.js

@@ -39,6 +39,7 @@ define(function (require, exports, module) {
     var SCOPE_PROFILE_EXPANDED = Constants.OAUTH_TRUSTED_PROFILE_SCOPE_EXPANSION.join(' ');
     var PERMISSIONS = ['profile:email', 'profile:uid'];
     var SCOPE_WITH_EXTRAS = 'profile:email profile:uid profile:non_whitelisted';
+    var SCOPE_WITH_OPENID = 'profile:email profile:uid openid';
     var SERVER_REDIRECT_URI = 'http://127.0.0.1:8080/api/oauth';
     var SERVICE = 'service';
     var SERVICE_NAME = '123Done';
@@ -342,8 +343,8 @@ define(function (require, exports, module) {
               });
             });
 
-            var validValues = [SCOPE_WITH_EXTRAS];
-            var expectedValues = [SCOPE];
+            var validValues = [SCOPE_WITH_EXTRAS, SCOPE_WITH_OPENID];
+            var expectedValues = [SCOPE, SCOPE_WITH_OPENID];
             testValidQueryParams('scope', validValues, 'scope', expectedValues);
 
             var invalidValues = ['profile', 'profile:unrecognized'];

package.json

@@ -1,6 +1,6 @@
 {
   "name": "fxa-content-server",
-  "version": "1.110.1",
+  "version": "1.110.2",
   "description": "Firefox Accounts Content Server",
   "scripts": {
     "build-production": "NODE_ENV=production grunt build",