oops: fix json_deep_copy of claims

Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Mar 25, 2020 · 7de646d · 7de646d
1 parent aad5dec
commit 7de646d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+03/25/2020
+- oops: fix json_deep_copy of claims
+
 03/24/2020
 - fix memory leak in OAuth 2.0 JWT validation; closes #470; thanks Conrad Thukral
 - fix configured private/public key cleanup on process exit

diff --git a/src/oauth.c b/src/oauth.c
@@ -652,7 +652,7 @@ static apr_byte_t oidc_oauth_validate_jwt_access_token(request_rec *r,
 	oidc_debug(r, "successfully verified JWT access token: %s",
 			jwt->payload.value.str);
 
-	*token = jwt->payload.value.json;
+	*token = json_deep_copy(jwt->payload.value.json);
 	*response = jwt->payload.value.str;
 
 	oidc_jwt_destroy(jwt);