Hi Nilasini, Yes, your understanding is correct. We are not doing scope validations in IS as of now. There is a separate scope validator that get engaged in the scenarios relevant with APIM as of [1], which does scope validation.
[1] - https://github.com/wso2-extensions/identity-inbound- auth-oauth/blob/master/components/org.wso2.carbon. identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/ JDBCScopeValidator.java Thanks, On Mon, May 22, 2017 at 3:28 PM, Nilasini Thirunavukkarasu < [email protected]> wrote: > > > On Mon, May 22, 2017 at 2:55 PM, Nilasini Thirunavukkarasu < > [email protected]> wrote: > >> Hi, >> According to the specification[1] invalid_scope error code must be shown >> when we give invalid scope, unknown scope and etc. As we need to support >> custom scope as well, so we can't have a predefined list of scopes. From >> the current implementation it doesn't prompt the error code. >> >> As shown in [2], the scope is always set to true. So as far as I can >> understand it's not validating the scope in a correct manner. Any insight >> on this will be highly appreciated. >> >> [1] https://tools.ietf.org/html/rfc6749#section-5.2 >> [2]https://github.com/wso2-extensions/identity-inbound-auth- >> oauth/blob/master/components/org.wso2.carbon.identity.oauth/ >> src/main/java/org/wso2/carbon/identity/oauth/callback/ >> DefaultCallbackHandler.java#L37 >> >> Thank you, >> Nila. >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : [email protected] >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> > > > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : [email protected] > Mobile : +94775241823 <077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > -- Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/ pushpalanka/ | Twitter: @pushpalanka
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
