|
|
@ -371,7 +371,7 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) { |
|
|
|
OAUTH3.authz = {}; |
|
|
|
OAUTH3.authz.scopes = function (providerUri, session, clientParams) { |
|
|
|
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); |
|
|
|
var scope = clientParams.scope || [ 'authn@oauth3.org' ]; |
|
|
|
var scope = clientParams.scope || 'authn@oauth3.org'; |
|
|
|
if ('authn@oauth3.org' === scope.toString()) { |
|
|
|
// implicit ppid grant is automatic
|
|
|
|
console.warn('[security] fix scope checking on backend so that we can do automatic grants'); |
|
|
|