From 9a6f345e1545774029d3cca6fe45fa22ddff44df Mon Sep 17 00:00:00 2001
From: William Kim
Date: Fri, 12 Jul 2013 15:05:17 -0400
Subject: [PATCH] yes, allow default scoping if the client doesn't ask for any.
---
 .../openid/connect/ConnectAuthorizationRequestManager.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
index 85e94dd07..52d81dfb7 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@@ -114,7 +114,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 Set scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
 if ((scopes == null || scopes.isEmpty())) {
- //TODO: do we want to allow default scoping at all?
+ // default scoping
 Set clientScopes = client.getScope();
 scopes = clientScopes;
 }
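Review bot: The fallback on the `scopes = clientScopes;` context line gives a request that names no scope every scope registered for the client, and the new `// default scoping` comment does not say so. That is the broadest possible default, so any sensitive scope in the registration is attached to requests that never asked for it (subject to whatever approval step follows, which is not visible here); consider defaulting to a narrower configured subset, or at least document the behaviour, e.g. `// no scope requested: fall back to all scopes registered for this client`. The assignment also aliases the set returned by `client.getScope()`, so if later code modifies `scopes` it would modify the client's registered set; a copy such as `scopes = new HashSet<String>(clientScopes);` avoids that, assuming `HashSet` is imported and the set holds strings. The enclosing method starts and ends outside the hunk.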