From 127507246e40186e97adf5060d9312e5372a43f2 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Fri, 6 Sep 2013 13:30:22 -0400 Subject: [PATCH] if the client doesn't ask for any system scopes, but asks for some non-system scopes, they'll now get the defaults instead of none addresses #498 --- .../connect/web/ClientDynamicRegistrationEndpoint.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index dbacb3d27..b8b2adbad 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -116,14 +116,14 @@ public class ClientDynamicRegistrationEndpoint { // scopes that the client is asking for Set requestedScopes = scopeService.fromStrings(newClient.getScope()); - // if the client didn't ask for any, give them the defaults - if (requestedScopes == null || requestedScopes.isEmpty()) { - requestedScopes = scopeService.getDefaults(); - } - // the scopes that the client can have must be a subset of the dynamically allowed scopes Set allowedScopes = Sets.intersection(dynScopes, requestedScopes); + // if the client didn't ask for any, give them the defaults + if (allowedScopes == null || allowedScopes.isEmpty()) { + allowedScopes = scopeService.getDefaults(); + } + newClient.setScope(scopeService.toStrings(allowedScopes));