default scope changed to authn@oauth3.org

This commit is contained in:
AJ ONeal 2017-11-29 02:09:19 +00:00
parent ff6d9665e2
commit 36fe8e2a80
1 changed files with 2 additions and 2 deletions

View File

@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
OAUTH3.authz = {};
OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
var scope = clientParams.scope || 'oauth3_authn';
if ('oauth3_authn' === scope) {
var scope = clientParams.scope || [ 'authn@oauth3.org' ];
if ('authn@oauth3.org' === scope.toString()) {
// implicit ppid grant is automatic
console.warn('[security] fix scope checking on backend so that we can do automatic grants');
// TODO check user preference if implicit ppid grant is allowed