yii2-oauth2-server
Wrong Scope filled in the response for token request grant_type : "authorization_code"
I believe the scope returned should be `$authCode->scope` instead of `$this->scope`. The response is returned with a null scope, whereas the Authorization Code table has a valid scope.
`--- a/vendor/conquer/oauth2/granttypes/Authorization.php +++ b/vendor/conquer/oauth2/granttypes/Authorization.php @@ -105,7 +105,7 @@ class Authorization extends BaseModel 'access_token' => $acessToken->access_token, 'expires_in' => $this->accessTokenLifetime, 'token_type' => $this->tokenType,
-
'scope' => $this->scope,
-
}`'scope' => $authCode->scope, 'refresh_token' => $refreshToken->refresh_token, ];
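Review bot: the replacement line `'scope' => $authCode->scope` reports the authorization code's scope, but nothing in this hunk shows that `$acessToken` was stored with that same scope, so the response and the persisted token could disagree. Consider confirming that the access token is created with the scope from `$authCode`, and returning the scope recorded on the token itself. The patch is also written against a file under `vendor/`, which a dependency update will overwrite, so the change belongs in the upstream package. The context line carries a misspelt variable name, `$acessToken`, which is worth renaming in a separate change.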
https://tools.ietf.org/html/rfc6749#section-3.3

This functionality requires further development. There must be a user callback, for the possibility of implementing server-side business logic. I think the default implementation should return the intersection of authCode.scope and accessToken.scope.
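The default proposed in the reply above (intersection of the two scopes, with an application callback), as an added example that is not code from this thread or from conquer/oauth2. `parseScope` and `resolveGrantedScope` are hypothetical names, and scopes are assumed to be space-delimited, case-sensitive strings as in RFC 6749 section 3.3.

```php
<?php
// Added example: function names are hypothetical, not part of conquer/oauth2.

/** Split a space-delimited, case-sensitive scope string into unique tokens. */
function parseScope(?string $scope): array
{
    if ($scope === null || trim($scope, ' ') === '') {
        return [];
    }
    return array_values(array_unique(preg_split('/ +/', trim($scope, ' '))));
}

/**
 * Scope to report in the token response: tokens present in both the
 * authorization code's scope and the access token's scope, optionally
 * narrowed by an application callback (server-side business logic).
 * Returns null when nothing is granted.
 */
function resolveGrantedScope(
    ?string $authCodeScope,
    ?string $accessTokenScope,
    ?callable $filter = null
): ?string {
    $granted = array_values(
        array_intersect(parseScope($authCodeScope), parseScope($accessTokenScope))
    );
    if ($filter !== null) {
        // Intersect again so the callback can only remove tokens, never add them.
        $granted = array_values(array_intersect($granted, (array) $filter($granted)));
    }
    return $granted === [] ? null : implode(' ', $granted);
}

// Constructed sample values, not taken from the issue.
$authCodeScope    = 'profile email orders:read';
$accessTokenScope = 'email  profile admin';

// Default behaviour: plain intersection, order taken from the authorization code.
var_dump(resolveGrantedScope($authCodeScope, $accessTokenScope));

// A callback that tries to add "admin" and drop "email"; the addition is ignored.
$policy = fn(array $tokens) => array_merge(array_diff($tokens, ['email']), ['admin']);
var_dump(resolveGrantedScope($authCodeScope, $accessTokenScope, $policy));

// No overlap (or a null scope on either side) yields null rather than an empty string.
var_dump(resolveGrantedScope($authCodeScope, null));
```

Intersecting the callback's result with the already-granted set keeps application logic from widening a token beyond what the authorization code carried.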