default scope changed to authn@oauth3.org
This commit is contained in:
parent
ff6d9665e2
commit
36fe8e2a80
|
@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
|
|||
OAUTH3.authz = {};
|
||||
OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
|
||||
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
|
||||
var scope = clientParams.scope || 'oauth3_authn';
|
||||
if ('oauth3_authn' === scope) {
|
||||
var scope = clientParams.scope || [ 'authn@oauth3.org' ];
|
||||
if ('authn@oauth3.org' === scope.toString()) {
|
||||
// implicit ppid grant is automatic
|
||||
console.warn('[security] fix scope checking on backend so that we can do automatic grants');
|
||||
// TODO check user preference if implicit ppid grant is allowed
|
||||
|
|
Loading…
Reference in New Issue