[CXF-6304] AuthorizationCodeGrantHandler sets the approved scopes as the requested ones - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1, 3.0.5
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

The code grant handler sets the approved scopes as requested scopes and leaves the approved scopes empty - this works because the docs imply that if the approved scopes are empty it means the user has not downscoped. However this makes AccessTokenRegistration.getApprovedScopes useless in case of the authorization code flow. It needs to be improved/fixed to make it cleaner

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Sergey Beryozkin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 18/Mar/15 16:05

Updated:: 14/Oct/16 14:23

Resolved:: 18/Mar/15 16:08