Add option to specify scope for token refresh (or performActionWithFreshTokens)

Open filipkowicz opened this issue 3 years ago • 3 comments

Currently there is no option to specify the scope that we would like to request for a given access_token. Even the scope specified in authState is not sent with the refresh request -> it's hardcoded as null.

My use case would require accessing different endpoints with different access tokens, which should be scoped.

Can you see some solution or workaround for that?

filipkowicz avatar Mar 05 '21 14:03 filipkowicz

Seems to be officially supported by the standard:

https://tools.ietf.org/html/rfc6749#section-6

scope OPTIONAL. The scope of the access request as described by Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the resource owner

filipkowicz avatar Mar 08 '21 10:03 filipkowicz

Related PRs that I've found so far:

  • https://github.com/openid/AppAuth-Android/pull/589
  • iOS https://github.com/openid/AppAuth-iOS/pull/301

Initially authored by @WilliamDenniss - would it be OK for you to bring scopes back to the token_refresh request? (Some additional checks of whether the scope was initially requested might be needed to be in line with the specs.)

I'm happy to prepare a PR with support for this case.

filipkowicz avatar Mar 08 '21 10:03 filipkowicz
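
The RFC 6749 section 6 rule quoted above, and the subset check mentioned in the previous comment, as an added example that is not AppAuth-Android code and not part of the original thread. It is plain Java (10+) with no AppAuth classes; the class and method names are hypothetical and the scope and token values are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

public class RefreshScopeExample {
    // RFC 6749 section 3.3: scope is a space-delimited list of case-sensitive strings; order is irrelevant.
    static Set<String> parseScope(String scope) {
        Set<String> out = new LinkedHashSet<>();
        if (scope == null) return out;
        for (String s : scope.trim().split(" +")) {
            if (!s.isEmpty()) out.add(s);
        }
        return out;
    }

    // Builds the form body of a refresh request (RFC 6749 section 6).
    // requestedScope == null omits "scope"; the server then treats it as the originally granted scope.
    // The subset check only fails fast on the client; the authorization server still enforces the rule.
    static String buildRefreshBody(String refreshToken, String grantedScope, String requestedScope) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("grant_type", "refresh_token");
        params.put("refresh_token", refreshToken);
        if (requestedScope != null) {
            Set<String> requested = parseScope(requestedScope);
            if (requested.isEmpty()) throw new IllegalArgumentException("empty scope; pass null to omit it");
            Set<String> extra = new LinkedHashSet<>(requested);
            extra.removeAll(parseScope(grantedScope));
            if (!extra.isEmpty()) {
                throw new IllegalArgumentException("scope not originally granted: " + extra);
            }
            params.put("scope", String.join(" ", requested));
        }
        return params.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        String granted = "openid profile calendar.read mail.read"; // constructed sample scope
        String rt = "constructed-refresh-token";                   // constructed sample token
        System.out.println(buildRefreshBody(rt, granted, "mail.read")); // down-scoped token
        System.out.println(buildRefreshBody(rt, granted, null));        // scope omitted
        try { buildRefreshBody(rt, granted, "mail.read mail.send"); }   // mail.send was never granted
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Requesting a narrower scope per endpoint, as in the use case above, limits what a leaked access token can reach.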

Any ideas when this will be introduced?

RowanG1Bilue avatar May 05 '21 03:05 RowanG1Bilue