[OAuth2 Provider] Bug in parsing access token request?
Question
oauth2-provider
Forge asset by Barduino

In the server action "ParseAccessTokenRequest", the scope value assignment is missing.

So filtering scopes in the "RequestAccessToken_*" action doesn't work.

Q: I don't understand why a token is successfully returned even if the requested scope is not allowed for the given client. I solved it by throwing an exception if the filtered scope list is empty (after correcting the issue mentioned above)...

Thanks for any reaction on whether it is really a bug or my misunderstanding.

2019-07-08 11-04-35
Leonardo Fernandes
 
MVP
Solution

This has been fixed in version 4.0.0.
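
The two behaviours raised in the question (a parser that never assigns the scope, and a token issued when the scope filter leaves nothing), modelled as an added Python example; this is not the Forge component's code. The client registry, function names, flags and token value are all assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed client registry (assumption): client_id -> scopes it may be granted.
ALLOWED_SCOPES = {"reporting-app": {"reports.read", "profile"}}


def parse_token_request(body, assign_scope=True):
    """Parse a form-encoded token request body.

    assign_scope=False models the defect from the question: the scope
    parameter is present in the request but never copied to the output.
    """
    form = parse_qs(body)
    req = {"client_id": form.get("client_id", [""])[0], "scope": []}
    if assign_scope:
        # RFC 6749 section 3.3: scope is a space-delimited list of names.
        req["scope"] = form.get("scope", [""])[0].split()
    return req


def filter_scopes(client_id, requested):
    """Keep only the requested scopes registered for this client."""
    allowed = ALLOWED_SCOPES.get(client_id, set())
    return [s for s in requested if s in allowed]


def handle_token_request(body, assign_scope=True, reject_empty=True):
    """Return a token response dict, or an RFC 6749 section 5.2 error dict."""
    req = parse_token_request(body, assign_scope)
    granted = filter_scopes(req["client_id"], req["scope"])
    if reject_empty and not granted:
        # Fail closed: nothing the client asked for is allowed. This also
        # rejects requests that carry no scope at all.
        return {"error": "invalid_scope"}
    # Placeholder token value; a real server mints and stores one here.
    return {"access_token": "constructed-token", "scope": " ".join(granted)}


# Constructed requests for the sample client.
BASE = "grant_type=client_credentials&client_id=reporting-app&scope="
DISALLOWED = BASE + "admin.write"
MIXED = BASE + "reports.read+admin.write"

if __name__ == "__main__":
    print(handle_token_request(DISALLOWED, assign_scope=False, reject_empty=False))
    print(handle_token_request(DISALLOWED))
    print(handle_token_request(MIXED))
```

Returning the granted scope in the response matters when it differs from what was requested, since RFC 6749 section 3.3 requires the server to tell the client in that case.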
