Yes.. We cannot give the same access token for different scopes. +1 for fixing this.
Thanks... Sent from my mobile device > On Oct 25, 2013, at 5:29 PM, Asela Pathberiya <[email protected]> wrote: > > Hi All, > > AFAIK, currently OAuth2 token endpoint returns the same access token for > different scope. Access tokens are issued per client and resource owner. I > guess, it must be per client, resource owner and scope. If we are > implementing scope validation and resource owner authorization, i guess, it > is better to support this. Can we support this for next release of Identity > Server, if this is not yet done.? > > Thanks, > Asela. > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 _______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
