supported scopes are used as default scopes #102

Open
MarioHoberg opened this issue Aug 25, 2017 · 3 comments

@MarioHoberg

If I got it correctly, when a token request (e.g.) with a client_credentials grant and without scope is received, a token for all configured scopes is granted.

See code around https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2.php#L846

RFC6749 3.3. seems to allow for arbitrary defaults, but IMHO a library limiting the default to all available scopes is bad practice.

I suggest falling back to an empty scope and maybe supporting a configurable default.

@rcwsr

rcwsr commented Nov 9, 2017

I'm also having this issue. Is it just a case of removing `'scope' => $this->getVariable(self::CONFIG_SUPPORTED_SCOPES, null)`?

@bropp

bropp commented Jun 14, 2018

Also having this issue. Only want to grant scopes when they are explicitly passed.

@Jwilsonps

+1
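
The default-scope handling discussed in this thread, as an added example (not code from oauth2-php or from any commenter): a stand-alone PHP resolver in which a missing `scope` parameter falls back to a separately configured default instead of the full supported list, following the RFC 6749 section 3.3 rule that the server either applies a pre-defined default or fails the request. The function names `resolveScope` and `resolveScopeAllByDefault` and the sample scope names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of oauth2-php.
// $supported: every scope the server knows about.
// $default:   scopes granted when the request carries no scope parameter;
//             an empty array means "grant nothing unless asked".
function resolveScope(?string $requested, array $supported, array $default = []): string
{
    if ($requested === null || trim($requested) === '') {
        // A misconfigured default must not widen what the server supports.
        if (array_diff($default, $supported) !== []) {
            throw new LogicException('default scope is not a subset of supported scopes');
        }
        return implode(' ', $default);
    }

    // Scope is a space-delimited list of case-sensitive tokens (RFC 6749, 3.3).
    $tokens = array_values(array_unique(preg_split('/ +/', trim($requested))));
    $unknown = array_diff($tokens, $supported);
    if ($unknown !== []) {
        // Reject the whole request instead of silently dropping unknown tokens.
        throw new InvalidArgumentException('invalid_scope: ' . implode(' ', $unknown));
    }
    return implode(' ', $tokens);
}

// The behaviour reported in the issue, modelled here for comparison:
// the supported list doubles as the default.
function resolveScopeAllByDefault(?string $requested, array $supported): string
{
    return resolveScope($requested, $supported, $supported);
}

// Constructed sample configuration and requests.
$supported = ['profile', 'orders:read', 'admin'];

var_dump(resolveScopeAllByDefault(null, $supported));      // no scope sent, all scopes granted
var_dump(resolveScope(null, $supported));                  // no scope sent, empty default
var_dump(resolveScope(null, $supported, ['profile']));     // no scope sent, configured default
var_dump(resolveScope('orders:read profile', $supported)); // explicit request honoured

try {
    resolveScope('profile root', $supported);              // unknown token in request
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```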
