From f9d50db1f171fcb235045847b2257f2af7691d3c Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Wed, 30 Jan 2013 15:45:21 -0500
Subject: [PATCH] don't treat openid scope special here -- by default client gets access to *all* scopes it's registered for
---
 .../openid/connect/ConnectAuthorizationRequestManager.java | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
index f8b819823..66cd1a600 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@@ -119,12 +119,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 Set scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
 if ((scopes == null || scopes.isEmpty())) {
 //TODO: do we want to allow default scoping at all?
- // If no scopes are specified in the incoming data, it is possible to default to the client's
- //registered scopes, but minus the "openid" scope. OpenID Connect requests MUST have the "openid" scope.
 Set clientScopes = client.getScope();
- if (clientScopes.contains("openid")) {
- clientScopes.remove("openid");
- }
 scopes = clientScopes;
 }
 DefaultAuthorizationRequest request = new DefaultAuthorizationRequest(inputParams, Collections. emptyMap(), clientId, scopes);