READ-ONLY: This project has been archived. For more information see this post.
Issue 28: Access tokens always grant all the client's scopes
Status:  New
Owner:  ----


 
Reported by jordineb...@gmail.com, Jul 31, 2013
What steps will reproduce the problem?
1. Create an OAuth client with two scopes, A and B
2. Request an access token only with scope A available for this client

What is the expected output? What do you see instead?
You get an access_token with a valid grant for both the A and B scopes, where you should get an access_token only for the A scope.


What version of the product are you using? On what operating system?
Latest one 

Please provide any additional information below.
In the file oauth2-php/lib/OAuth2.php, on line 751, you have this code:
   $token = $this->createAccessToken($client[0], $user_id, $stored['scope']);

Maybe you should have this one:
    $token = $this->createAccessToken($client[0], $user_id, $input['scope']);
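
An added example, not part of the original report and not code from oauth2-php: one way to decide the scope stored with a token, so that a client registered for A and B that requests only A gets a token for A alone. The helper name `resolveGrantedScope`, the space-delimited scope strings, and the fallback to the registered scope when none is requested are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from oauth2-php.

/**
 * Decide which scopes an access token may carry.
 *
 * @param string|null $requested Space-delimited scope from the token request.
 * @param string|null $allowed   Space-delimited scope registered for the client.
 * @return string Space-delimited scope to store with the token.
 * @throws InvalidArgumentException when the request exceeds the client's scope.
 */
function resolveGrantedScope(?string $requested, ?string $allowed): string
{
    // Split on whitespace, drop empty entries and duplicates.
    $split = static function (?string $s): array {
        $parts = preg_split('/\s+/', trim((string) $s), -1, PREG_SPLIT_NO_EMPTY);
        return array_values(array_unique($parts));
    };

    $allowedSet   = $split($allowed);
    $requestedSet = $split($requested);

    // Assumed policy: no scope requested falls back to the registered scope.
    if ($requestedSet === []) {
        return implode(' ', $allowedSet);
    }

    // Reject scopes the client was never registered for rather than dropping them silently.
    $excess = array_diff($requestedSet, $allowedSet);
    if ($excess !== []) {
        throw new InvalidArgumentException('invalid_scope: ' . implode(' ', $excess));
    }

    // Grant exactly what was asked for, never the full registered set.
    return implode(' ', $requestedSet);
}

// Constructed sample: a client registered for scopes "A B".
echo resolveGrantedScope('A', 'A B'), PHP_EOL;   // request for a subset
echo resolveGrantedScope(null, 'A B'), PHP_EOL;  // no scope in the request
try {
    resolveGrantedScope('A C', 'A B');           // request exceeds registration
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```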


