Hi All, Currently in IS, whenever a token request comes with a list of scopes we'll be showing all the scopes and get the consent from the user regardless of that scopes are requested or not in the Identity Server. But by going forward with IS 5.10.0, we'll be more descriptive and decided to show the display name of the scope and it's the description as well when we are getting the consent from the user. Also, if the scope is not registered under the OAuth2 scope or OIDC scope in the IS, then we decided to skip that particular scope from the consent page also in the response as a default behaviour.
In order to keep the backward compatibility, we'll keep a flag so that we can enable it if we want to list the scope which is not registered. Note that in that case scopes which are not registered will display with the provided scope name and scopes which are registered will displayed with their corresponding display name and description in the consent page. Highly appreciate your ideas and suggestion on this. Thanks, Sarubi. -- *Sarubi Thillainathan* | Software Engineer | WSO2 Inc. (m) +94 (0) 76 684 9101 | (e) sar...@wso2.com,stsa...@gmail.com *[image: https://wso2.com/signature] <https://wso2.com/signature>*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture