Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove validateScope check from auth_code grant type #631

Open
thomseddon opened this issue Jun 27, 2020 · 0 comments · May be fixed by #647
Open

Remove validateScope check from auth_code grant type #631

thomseddon opened this issue Jun 27, 2020 · 0 comments · May be fixed by #647
Labels
bug
Milestone
4.0.0

Comments

@thomseddon
Copy link
Member

Per #629 (comment)

As per https://tools.ietf.org/html/rfc6749#section-4.1.1 the scope is a required parameter for the authorisation request (which #451 fixes), and is not actually defined for the access token request (which is where the library currently tries to perform scope validation here)

We should remove the validateScope call from the auth_code grant, as the scope parameter is not expected in the token request
@thomseddon thomseddon added the bug label Jun 27, 2020
@thomseddon thomseddon added this to the 4.0.0 milestone Jun 27, 2020
@yonatankalman yonatankalman linked a pull request Aug 14, 2020 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
4.0.0
Development

Successfully merging a pull request may close this issue.

Remove scope validation
1 participant
@thomseddon