From 5ab516de482d0b0c5239dc4d2f1cd0e3fc6c4160 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 26 May 2014 17:39:20 -0400
Subject: [PATCH] prevent clients from registering with special resource scope
---
 .../mitre/oauth2/service/impl/DefaultSystemScopeService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
index 4437a7f8d..167c447c8 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
@@ -69,7 +69,8 @@ public class DefaultSystemScopeService implements SystemScopeService {
 public boolean apply(String input) {
 return (input != null &&
 !input.equals(ID_TOKEN_SCOPE) &&
- !input.equals(REGISTRATION_TOKEN_SCOPE));
+ !input.equals(REGISTRATION_TOKEN_SCOPE) &&
+ !input.equals(RESOURCE_TOKEN_SCOPE));
 }
 };
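Review bot: The reserved-scope filter in `apply` is still a hand-extended chain of `!input.equals(...)` terms, so any internal scope defined later will pass this predicate until someone remembers to add it here, which is the same omission this commit corrects for `RESOURCE_TOKEN_SCOPE`. Consider collecting the reserved values in one constant set declared next to the scope constants and reducing the body to `return input != null && !RESERVED_SCOPES.contains(input);` (the set name is a suggestion, not an existing identifier). The patch touches only this file, so a regression test asserting that each of the three reserved scope values is rejected by the predicate would keep the guard from silently regressing. The anonymous predicate that contains `apply` starts above the hunk, so which registration paths actually apply it cannot be confirmed from here and is worth checking alongside this change.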