Commit

fix: use AccessData scope instead of AccessRequest scope
In order to be able to modify the scopes list in Storage.SaveAccess, in case the client tried to get unauthorized scopes.
In the rfc6749#section-3.3: "If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted."
denouche committed Jun 27, 2017
1 parent 1c1df84 commit 07e51e8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions access.go
Expand Up @@ -521,8 +521,8 @@ func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessReq
if ret.RefreshToken != "" {
w.Output["refresh_token"] = ret.RefreshToken
}
if ar.Scope != "" {
w.Output["scope"] = ar.Scope
if ret.Scope != "" {
w.Output["scope"] = ret.Scope
}
} else {
w.SetError(E_ACCESS_DENIED, "")
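
Review bot: the `if ret.Scope != ""` guard in FinishAccessRequest still skips the "scope" output when the granted scope is empty, so if Storage.SaveAccess strips every requested scope (the case the commit message describes), a client that sent a non-empty `ar.Scope` receives a response with no "scope" parameter and has no signal that the grant differs from what it asked for. The RFC 6749 section 3.3 text quoted in the commit message requires the parameter whenever the issued scope differs from the requested one, so consider also emitting it when `ret.Scope != ar.Scope`, or rejecting the request when nothing is left to grant. It is also not visible in this hunk where `ret.Scope` is initialised from `ar.Scope`, or whether the storage layer's change to it reaches this line; a test in which the storage narrows the scope and the response is checked would pin both down.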