On Mon, May 22, 2017 at 2:55 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote:
> Hi, > According to the specification[1] invalid_scope error code must be shown > when we give invalid scope, unknown scope and etc. As we need to support > custom scope as well, so we can't have a predefined list of scopes. From > the current implementation it doesn't prompt the error code. > > As shown in [2], the scope is always set to true. So as far as I can > understand it's not validating the scope in a correct manner. Any insight > on this will be highly appreciated. > > [1] https://tools.ietf.org/html/rfc6749#section-5.2 > [2]https://github.com/wso2-extensions/identity-inbound- > auth-oauth/blob/master/components/org.wso2.carbon. > identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/callback/ > DefaultCallbackHandler.java#L37 > > Thank you, > Nila. > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Nilasini Thirunavukkarasu Software Engineer - WSO2 Email : nilas...@wso2.com Mobile : +94775241823 Web : http://wso2.com/ <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev