From 36fe8e2a80056aeac2a3541378707167c8e1f9bf Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 02:09:19 +0000
Subject: [PATCH] default scope changed to authn@oauth3.org
---
 oauth3.issuer.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 3d63c71..6571c91 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
 OAUTH3.authz = {};
 OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
- var scope = clientParams.scope || 'oauth3_authn';
- if ('oauth3_authn' === scope) {
+ var scope = clientParams.scope || [ 'authn@oauth3.org' ];
+ if ('authn@oauth3.org' === scope.toString()) {
 // implicit ppid grant is automatic
 console.warn('[security] fix scope checking on backend so that we can do automatic grants');
 // TODO check user preference if implicit ppid grant is allowed
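Review bot: The automatic-grant test `'authn@oauth3.org' === scope.toString()` relies on string coercion of a client-supplied value, so it accepts more shapes than it appears to: a plain string, a one-element array and a nested array such as `[['authn@oauth3.org']]` all stringify to the same text and reach the implicit-grant branch. Because that branch is the one that skips an explicit user decision, it would be safer to normalise the value once and compare exactly, e.g. `var scope = [].concat(clientParams.scope || 'authn@oauth3.org');` followed by `if (1 === scope.length && 'authn@oauth3.org' === scope[0]) {`. The rest of `OAUTH3.authz.scopes` lies outside the hunk, so confirm that later code accepts an array before settling on the type. Clients that still send the old `'oauth3_authn'` value no longer match this branch, which fails closed but may deserve a mention in the commit message.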