prevent clients from registering with special resource scope

2014-05-26 17:39:20 -04:00 · 2014-05-26 17:39:20 -04:00 · 5ab516de48
parent c34357a433
commit 5ab516de48
1 changed files with 2 additions and 1 deletions
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
@ -69,7 +69,8 @@ public class DefaultSystemScopeService implements SystemScopeService {
 		public boolean apply(String input) {
 			return (input != null &&
 					!input.equals(ID_TOKEN_SCOPE) &&
-					!input.equals(REGISTRATION_TOKEN_SCOPE));
+					!input.equals(REGISTRATION_TOKEN_SCOPE) &&
+					!input.equals(RESOURCE_TOKEN_SCOPE));
 		}
 	};