default scope changed to authn@oauth3.org
This commit is contained in:
		
							parent
							
								
									ff6d9665e2
								
							
						
					
					
						commit
						36fe8e2a80
					
				| @ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) { | ||||
| OAUTH3.authz = {}; | ||||
| OAUTH3.authz.scopes = function (providerUri, session, clientParams) { | ||||
|   var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); | ||||
|   var scope = clientParams.scope || 'oauth3_authn'; | ||||
|   if ('oauth3_authn' === scope) { | ||||
|   var scope = clientParams.scope || [ 'authn@oauth3.org' ]; | ||||
|   if ('authn@oauth3.org' === scope.toString()) { | ||||
|     // implicit ppid grant is automatic
 | ||||
|     console.warn('[security] fix scope checking on backend so that we can do automatic grants'); | ||||
|     // TODO check user preference if implicit ppid grant is allowed
 | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user