diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java index e41794046..5273df639 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java @@ -36,7 +36,7 @@ public interface SystemScopeService { public static final String ID_TOKEN_SCOPE = "id-token"; // ID tokens are generated using this scope public static final String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources - public static final String RESOURCE_SET_REGISTRATION_SCOPE = "resource_set_registration"; + public static final String UMA_PROTECTION_SCOPE = "uma_protection"; public static final Set reservedScopes = Sets.newHashSet( diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java index 8bb64faf6..0011a5999 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java @@ -229,8 +229,8 @@ public class ResourceSetRegistrationEndpoint { if (auth instanceof OAuth2Authentication) { OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth; if (oAuth2Authentication.getOAuth2Request().getScope() == null - || !oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) { - throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)); + || !oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.UMA_PROTECTION_SCOPE)) { + throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.UMA_PROTECTION_SCOPE)); } } }