  1. CXF
  2. CXF-6304

AuthorizationCodeGrantHandler sets the approved scopes as the requested ones

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1, 3.0.5
    • Component/s: JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      The code grant handler sets the approved scopes as requested scopes and leaves the approved scopes empty - this works because the docs imply that if the approved scopes are empty it means the user has not downscoped. However, this makes AccessTokenRegistration.getApprovedScopes useless in the case of the authorization code flow. It needs to be improved/fixed to make it cleaner.
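
The convention described above, modelled as an added example (not CXF code and not the fix applied for this issue). `Registration`, `reported`, `explicit` and `effectiveScopes` are hypothetical names, and the scope values are constructed.

```java
import java.util.List;

public class ApprovedScopesExample {
    // Hypothetical stand-in for a token registration; not CXF's AccessTokenRegistration.
    static final class Registration {
        final List<String> requestedScopes;
        final List<String> approvedScopes;

        Registration(List<String> requested, List<String> approved) {
            this.requestedScopes = List.copyOf(requested);
            this.approvedScopes = List.copyOf(approved);
        }
    }

    // Behaviour reported in the issue: what the user approved is stored in the
    // "requested" slot and the "approved" slot is left empty.
    static Registration reported(List<String> requestedByClient, List<String> approvedByUser) {
        return new Registration(approvedByUser, List.of());
    }

    // Assumed cleaner shape: each slot holds what its name says.
    static Registration explicit(List<String> requestedByClient, List<String> approvedByUser) {
        return new Registration(requestedByClient, approvedByUser);
    }

    // The documented convention: an empty approved list means "no downscoping",
    // so a consumer falls back to the requested scopes.
    static List<String> effectiveScopes(Registration reg) {
        return reg.approvedScopes.isEmpty() ? reg.requestedScopes : reg.approvedScopes;
    }

    public static void main(String[] args) {
        List<String> requested = List.of("read", "write", "delete"); // constructed sample
        List<String> approved = List.of("read");                     // user downscoped

        Registration a = reported(requested, approved);
        Registration b = explicit(requested, approved);

        // Both resolve to the same token scopes through the fallback convention.
        System.out.println("effective (reported): " + effectiveScopes(a));
        System.out.println("effective (explicit): " + effectiveScopes(b));

        // Only the explicit shape lets a consumer read the approved list directly
        // and still see what the client originally asked for.
        System.out.println("approved  (reported): " + a.approvedScopes);
        System.out.println("approved  (explicit): " + b.approvedScopes);
        System.out.println("requested (reported): " + a.requestedScopes);
        System.out.println("requested (explicit): " + b.requestedScopes);
    }
}
```

Code that reads the approved list on its own, without the fallback, sees an empty list under the reported behaviour, which is why any scope check downstream has to go through the fallback rule.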

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              sergey_beryozkin Sergey Beryozkin