Refreshing token with missing scope parameter clears scope #51

Open
alexdutton opened this issue Nov 4, 2013 · 0 comments
@alexdutton

TokenGenerator._get_refresh_token doesn't leave the scope attribute on self.access_token alone if the request had no scope parameter (i.e. self.scope is None).

RFC 6749 says:

scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner.

Fix to be attached shortly…

alexdutton added a commit to ox-it/oauth2app that referenced this issue Nov 4, 2013
Section 6 of the OAuth2 RFC says that if scope parameter is omitted it "is treated as equal to the scope originally granted by the resource owner." Previously oauth2app cleared the scope if the scope parameter was omitted.

Fixes hiidef#51.
alexdutton added a commit to ox-it/oauth2app that referenced this issue Feb 9, 2015
Section 6 of the OAuth2 RFC says that if scope parameter is omitted it "is treated as equal to the scope originally granted by the resource owner." Previously oauth2app cleared the scope if the scope parameter was omitted.

Fixes hiidef#51.
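
As an added illustration (not oauth2app's code and not part of the issue or the commits above), the sketch below models the reported behaviour next to the scope handling RFC 6749 Section 6 describes for a refresh request. The function names, the `InvalidScope` exception and the sample scopes are hypothetical.

```python
class InvalidScope(Exception):
    """Would map to the OAuth2 'invalid_scope' error response."""


def parse_scope(raw):
    """Split a space-delimited scope parameter into a set of tokens.

    Returns None when the parameter is absent. A parameter sent without a
    value is also treated as omitted (RFC 6749 section 3.2); treating a
    whitespace-only value the same way is a choice made for this example.
    """
    if raw is None or not raw.split():
        return None
    return frozenset(raw.split())


def refresh_scope_buggy(granted, raw_requested):
    """Model of the behaviour reported in the issue: omitted scope clears it."""
    requested = parse_scope(raw_requested)
    return requested if requested is not None else frozenset()


def refresh_scope_rfc6749(granted, raw_requested):
    """Section 6 handling: an omitted scope keeps the original grant, and a
    supplied scope may narrow it but must not add anything not granted."""
    granted = frozenset(granted)
    requested = parse_scope(raw_requested)
    if requested is None:
        return granted
    extra = requested - granted
    if extra:
        raise InvalidScope("not originally granted: " + " ".join(sorted(extra)))
    return requested


if __name__ == "__main__":
    original_grant = {"read", "write"}  # constructed sample grant
    for raw in (None, "", "read", "read admin"):
        buggy = sorted(refresh_scope_buggy(original_grant, raw))
        try:
            fixed = sorted(refresh_scope_rfc6749(original_grant, raw))
        except InvalidScope as exc:
            fixed = "invalid_scope (%s)" % exc
        print("scope=%r buggy=%s rfc6749=%s" % (raw, buggy, fixed))
```

A regression test for the fix would assert the first two cases: a refresh request with no `scope` parameter must yield a token carrying the originally granted scope, not an empty one.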