[ https://issues.apache.org/jira/browse/CXF-6304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed CXF-6304. ------------------------------------ > AuthorizationCodeGrantHandler sets the approved scopes as the requested ones > ---------------------------------------------------------------------------- > > Key: CXF-6304 > URL: https://issues.apache.org/jira/browse/CXF-6304 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security > Reporter: Sergey Beryozkin > Assignee: Sergey Beryozkin > Priority: Minor > Fix For: 3.1.0, 3.0.5 > > > The code grant handler sets the approved scopes as requested scopes and > leaves the approved scopes empty - this works because the docs imply that if > the approved scopes are empty it means the user has not downscoped. However > this makes AccessTokenRegistration.getApprovedScopes useless in case of the > authorization code flow. It needs to be improved/fixed to make it cleaner -- This message was sent by Atlassian JIRA (v6.3.4#6332)