From dae941323bb3c32edd546e3a84823667d584b741 Mon Sep 17 00:00:00 2001
From: tigerbot
Date: Fri, 11 Aug 2017 18:13:48 -0600
Subject: [PATCH] added another place in token to find grants in tokens
---
 lib/apis.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/apis.js b/lib/apis.js
index 8eead30..c426c88 100644
--- a/lib/apis.js
+++ b/lib/apis.js
@@ -280,12 +280,13 @@ module.exports.create = function (xconfx, apiFactories, apiDeps) {
 res.send({ error: { message: "You must be logged in", code: "E_NO_AUTHN" } });
 return;
 }
- if ('string' !== typeof req.oauth3.token.scp) {
- res.send({ error: { message: "Token must contain a grants string in 'scp'", code: "E_NO_GRANTS" } });
+ var scope = req.oauth3.token.scope || req.oauth3.token.scp || req.oauth3.token.grants;
+ if ('string' !== typeof scope) {
+ res.send({ error: { message: "Token must contain a grants string in 'scope'", code: "E_NO_GRANTS" } });
 return;
 }
- tokenScopes = req.oauth3.token.scp.split(/[,\s]+/mg);
+ tokenScopes = scope.split(/[,\s]+/mg);
 if (-1 !== tokenScopes.indexOf('*')) {
 // has full account access
 next();
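Review bot: The `||` chain on the new `var scope = …` line picks the first truthy claim rather than the first string claim, so a token whose `scope` is present but empty (no grants) silently falls through to `scp` or `grants`, and a non-string `scope` such as an array hides a valid `scp` string and is rejected. For an authorization decision the precedence should be explicit and a present-but-empty claim should mean "no grants", for example `var t = req.oauth3.token;` followed by `var scope = [t.scope, t.scp, t.grants].filter(function (s) { return 'string' === typeof s; })[0];`. The E_NO_GRANTS message now names only 'scope' although three claims are accepted, so `"Token must contain a grants string in 'scope', 'scp' or 'grants'"` would be more accurate. The enclosing middleware starts and ends outside the hunk, so whether the token's signature has already been verified before these claims are read cannot be confirmed from here.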