github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

don't give resource sets default client scopes

pull/708/merge
Justin Richer 2015-03-30 09:56:35 -04:00
parent 7af19dbd61
commit 394785b9c4
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java
View File

@ -317,14 +317,9 @@ public class ResourceSetRegistrationEndpoint {
// scopes that the client is asking for // scopes that the client is asking for
Set<SystemScope> requestedScopes = scopeService.fromStrings(rs.getScopes()); Set<SystemScope> requestedScopes = scopeService.fromStrings(rs.getScopes());
// the scopes that the client can have must be a subset of the dynamically allowed scopes // the scopes that the resource set can have must be a subset of the dynamically allowed scopes
Set<SystemScope> allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes); Set<SystemScope> allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes);
// if the client didn't ask for any, give them the defaults
if (allowedScopes == null || allowedScopes.isEmpty()) {
allowedScopes = scopeService.getDefaults();
}
rs.setScopes(scopeService.toStrings(allowedScopes)); rs.setScopes(scopeService.toStrings(allowedScopes));
return rs; return rs;