diff --git a/oauth3.core.js b/oauth3.core.js
index 58f67d1..90b6aed 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -169,7 +169,7 @@
 }
 , scope: {
 parse: function (scope) {
- return (scope||'').split(/[+, ]+/g);
+ return (scope||'').toString().split(/[+, ]+/g);
 }
 , stringify: function (scope) {
 if (Array.isArray(scope)) {
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 6571c91..7d48506 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@@ -371,7 +371,7 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
 OAUTH3.authz = {};
 OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
- var scope = clientParams.scope || [ 'authn@oauth3.org' ];
+ var scope = clientParams.scope || 'authn@oauth3.org';
 if ('authn@oauth3.org' === scope.toString()) {
 // implicit ppid grant is automatic
 console.warn('[security] fix scope checking on backend so that we can do automatic grants');
diff --git a/oauth3.issuer.mock.js b/oauth3.issuer.mock.js
index e054edb..e671f12 100644
--- a/oauth3.issuer.mock.js
+++ b/oauth3.issuer.mock.js
@@ -27,10 +27,10 @@
 OAUTH3.authz.scopes = function () {
 return OAUTH3.PromiseA.resolve({
- pending: ['oauth3_authn'] // not yet accepted
- , granted: [] // all granted, ever
- , requested: ['oauth3_authn'] // all requested, now
- , accepted: [] // granted (ever) and requested (now)
+ pending: [ 'authn@oauth3.org' ] // not yet accepted
+ , granted: [] // all granted, ever
+ , requested: [ 'authn@oauth3.org' ] // all requested, now
+ , accepted: [] // granted (ever) and requested (now)
 });
 };
 OAUTH3.authz.grants = function (providerUri, opts) {
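Review bot: `parse` in oauth3.core.js still returns `['']` rather than an empty list for an empty, null or undefined scope, and a leading or trailing delimiter adds an empty entry too; the added `toString()` does not change that. Any caller that checks the length of the result or looks a scope up in it would then see a phantom empty scope. Dropping the empties at the source avoids this: `return (scope||'').toString().split(/[+, ]+/g).filter(Boolean);`. A short comment saying that array input is accepted because `toString()` joins it with commas, which the delimiter class already splits on, would make the intent of the new call clear. The enclosing `scope` object continues outside the hunk.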
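Review bot: The automatic-grant branch in `OAUTH3.authz.scopes` keys on `scope.toString()` of the client-supplied `clientParams.scope`, which after this change may be a string or an array, and nothing at that line documents either the mixed type or the fact that this comparison is a client-side shortcut rather than an authorization check. I would add a comment above the `if`, for example `// scope may be a string or an array here; this shortcut is not an authorization check, the issuer backend must still validate the grant`, which matches what the existing `console.warn` already admits. The function body continues outside the hunk, so any later use of `scope` that assumed the old array default is not visible here and should presumably go through the `scope.parse` helper from oauth3.core.js rather than rely on the type.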