From 5b259ad2c3253945049ad7fab10308315483fd26 Mon Sep 17 00:00:00 2001
From: Ryan Kelly
Date: Wed, 25 Apr 2018 10:59:42 +1000
Subject: [PATCH 1/2] fix(permissions): Allow untrusted reliers to request 'openid' scope. (#6111) r=@vladikoff

Fixes https://github.com/mozilla/fxa-content-server/issues/6106
---
 app/scripts/lib/constants.js | 1 +
 app/tests/spec/models/reliers/oauth.js | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/scripts/lib/constants.js b/app/scripts/lib/constants.js
index 8554f4542..26b3c1707 100644
--- a/app/scripts/lib/constants.js
+++ b/app/scripts/lib/constants.js
@@ -65,6 +65,7 @@ module.exports = {
 // We only grant permissions that our UI currently prompts for. Others
 // will be stripped.
 OAUTH_UNTRUSTED_ALLOWED_PERMISSIONS: [
+ 'openid',
 'profile:display_name',
 'profile:email',
 'profile:uid'
diff --git a/app/tests/spec/models/reliers/oauth.js b/app/tests/spec/models/reliers/oauth.js
index 9803cb09e..2dad30ca7 100644
--- a/app/tests/spec/models/reliers/oauth.js
+++ b/app/tests/spec/models/reliers/oauth.js
@@ -39,6 +39,7 @@ define(function (require, exports, module) {
 var SCOPE_PROFILE_EXPANDED = Constants.OAUTH_TRUSTED_PROFILE_SCOPE_EXPANSION.join(' ');
 var PERMISSIONS = ['profile:email', 'profile:uid'];
 var SCOPE_WITH_EXTRAS = 'profile:email profile:uid profile:non_whitelisted';
+ var SCOPE_WITH_OPENID = 'profile:email profile:uid openid';
 var SERVER_REDIRECT_URI = 'http://127.0.0.1:8080/api/oauth';
 var SERVICE = 'service';
 var SERVICE_NAME = '123Done';
@@ -342,8 +343,8 @@ define(function (require, exports, module) {
 });
 });
- var validValues = [SCOPE_WITH_EXTRAS];
- var expectedValues = [SCOPE];
+ var validValues = [SCOPE_WITH_EXTRAS, SCOPE_WITH_OPENID];
+ var expectedValues = [SCOPE, SCOPE_WITH_OPENID];
 testValidQueryParams('scope', validValues, 'scope', expectedValues);
 var invalidValues = ['profile', 'profile:unrecognized'];

From b33d7cda4f123935c29870fb943c301a54a627cd Mon Sep 17 00:00:00 2001
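Review bot: The comment directly above `OAUTH_UNTRUSTED_ALLOWED_PERMISSIONS` ("We only grant permissions that our UI currently prompts for") no longer describes the list once `'openid'` is added, because `'openid'` is the OpenID Connect scope rather than a profile permission the UI prompts for. A comment on the new entry would keep the list self-explanatory, e.g. `'openid', // not a UI-prompted permission; listed so untrusted reliers may request the OpenID Connect scope (#6111)`. If other code iterates this list to render permission labels, it presumably needs an entry for 'openid' too, but that cannot be confirmed from this hunk. The `module.exports` object and the array itself both continue outside the hunk.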
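Review bot: The new pair in `validValues`/`expectedValues` only shows that a scope string containing `openid` passes through unchanged; it does not show that non-whitelisted scopes are still stripped when `openid` appears alongside them, which is the combination an untrusted relier is most likely to send. Declaring `var SCOPE_WITH_OPENID_AND_EXTRAS = 'profile:email profile:uid openid profile:non_whitelisted';` next to `SCOPE_WITH_OPENID` and adding it to `validValues` with `SCOPE_WITH_OPENID` as its expected value would pin both behaviours, assuming `testValidQueryParams` matches the two arrays positionally as the existing pairs suggest. The enclosing `describe`/`define` callbacks start and end outside the hunk.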
From: vladikoff
Date: Tue, 24 Apr 2018 21:00:33 -0400
Subject: [PATCH 2/2] Release v1.110.2

---
 CHANGELOG.md | 10 ++++++++++
 package.json | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b51d39c92..3fbd60c10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+
+## 1.110.2 (2018-04-25)
+
+
+### Bug Fixes
+
+* **permissions:** Allow untrusted reliers to request 'openid' scope. (#6111) r=@vladikoff ([5b259ad](https://github.com/mozilla/fxa-content-server/commit/5b259ad))
+
+
+
 ## 1.110.1 (2018-04-20)
diff --git a/package.json b/package.json
index b6f4ad2e7..4de3a4206 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "fxa-content-server",
- "version": "1.110.1",
+ "version": "1.110.2",
 "description": "Firefox Accounts Content Server",
 "scripts": {
 "build-production": "NODE_ENV=production grunt build",