default scope changed to authn@oauth3.org
This commit is contained in:
parent
ff6d9665e2
commit
36fe8e2a80
|
@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
|
||||||
OAUTH3.authz = {};
|
OAUTH3.authz = {};
|
||||||
OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
|
OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
|
||||||
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
|
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
|
||||||
var scope = clientParams.scope || 'oauth3_authn';
|
var scope = clientParams.scope || [ 'authn@oauth3.org' ];
|
||||||
if ('oauth3_authn' === scope) {
|
if ('authn@oauth3.org' === scope.toString()) {
|
||||||
// implicit ppid grant is automatic
|
// implicit ppid grant is automatic
|
||||||
console.warn('[security] fix scope checking on backend so that we can do automatic grants');
|
console.warn('[security] fix scope checking on backend so that we can do automatic grants');
|
||||||
// TODO check user preference if implicit ppid grant is allowed
|
// TODO check user preference if implicit ppid grant is allowed
|
||||||
|
|
Loading…
Reference in New Issue