Sergey Beryozkin created CXF-6304:
-------------------------------------
Summary: AuthorizationCodeGrantHandler sets the approved scopes as the requested ones
Key: CXF-6304
URL: https://issues.apache.org/jira/browse/CXF-6304
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Reporter: Sergey Beryozkin
Assignee: Sergey Beryozkin
Priority: Minor
Fix For: 3.1.0, 3.0.5

The code grant handler sets the approved scopes as requested scopes and leaves
the approved scopes empty - this works because the docs imply that if the
approved scopes are empty it means the user has not downscoped. However, this
makes AccessTokenRegistration.getApprovedScopes useless in the case of the
authorization code flow. It needs to be improved/fixed to make it cleaner.