[OAuth2 Provider] Bug in parsing access token request?

Published on 2019-11-18 by Leonardo Fernandes
2 votes

The server action "ParseAccessTokenRequest" is missing the scope value assignment.

So filtering scopes in the "RequestAccessToken_*" actions doesn't work.

Q: I don't understand why a token is successfully returned even if the requested scope is not allowed for the given client. I solved it by throwing an exception if the filtered scope list is empty (after correcting the issue mentioned above)...

Thanks for any reaction on whether it is really a bug or my misunderstanding.
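The scope handling described in the post above, as an added Python example that is not part of the original post and is not the Forge component's own code. All function names, the client id and the scope names are assumptions made for illustration; the sample request is constructed.

```python
import secrets

# Constructed registry: the client id and scope names are hypothetical.
ALLOWED_SCOPES = {"reporting-app": {"orders.read", "profile"}}


class InvalidScope(Exception):
    """Reported to the client as error=invalid_scope (RFC 6749 section 5.2)."""


def parse_request_buggy(form):
    # Mirrors the reported defect: scope is never copied from the request.
    return {"client_id": form.get("client_id", ""), "scope": []}


def parse_request_fixed(form):
    # scope is a space-delimited list (RFC 6749 section 3.3); split() yields
    # [] when the parameter is absent or blank.
    return {"client_id": form.get("client_id", ""),
            "scope": form.get("scope", "").split()}


def filter_scopes(parsed):
    # Keep only the requested scopes that this client is allowed to have.
    allowed = ALLOWED_SCOPES.get(parsed["client_id"], set())
    return [s for s in parsed["scope"] if s in allowed]


def issue_token(parsed, strict):
    granted = filter_scopes(parsed)
    if strict and not granted:
        # The check described in the post: nothing allowed, so no token.
        raise InvalidScope("no requested scope is allowed for this client")
    # Echo the granted scope so the client sees what was dropped (section 5.1).
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "scope": " ".join(granted)}


if __name__ == "__main__":
    # Constructed request: one allowed scope, one that is not allowed.
    form = {"client_id": "reporting-app", "scope": "orders.read admin.write"}
    print(issue_token(parse_request_fixed(form), strict=True)["scope"])
    try:
        issue_token(parse_request_buggy(form), strict=True)
    except InvalidScope as exc:
        print("rejected:", exc)
```

With the unfixed parser the strict check rejects every request, because the parsed scope list is always empty, so the parsing fix has to be in place before the empty-list check is useful.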