default scope changed to authn@oauth3.org
This commit is contained in:
		
							parent
							
								
									ff6d9665e2
								
							
						
					
					
						commit
						36fe8e2a80
					
				| @ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) { | |||||||
| OAUTH3.authz = {}; | OAUTH3.authz = {}; | ||||||
| OAUTH3.authz.scopes = function (providerUri, session, clientParams) { | OAUTH3.authz.scopes = function (providerUri, session, clientParams) { | ||||||
|   var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); |   var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); | ||||||
|   var scope = clientParams.scope || 'oauth3_authn'; |   var scope = clientParams.scope || [ 'authn@oauth3.org' ]; | ||||||
|   if ('oauth3_authn' === scope) { |   if ('authn@oauth3.org' === scope.toString()) { | ||||||
|     // implicit ppid grant is automatic
 |     // implicit ppid grant is automatic
 | ||||||
|     console.warn('[security] fix scope checking on backend so that we can do automatic grants'); |     console.warn('[security] fix scope checking on backend so that we can do automatic grants'); | ||||||
|     // TODO check user preference if implicit ppid grant is allowed
 |     // TODO check user preference if implicit ppid grant is allowed
 | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user