Hi,
According to the specification [1], the invalid_scope error code must be shown
when we give an invalid scope, an unknown scope, etc. As we need to support
custom scopes as well, we can't have a predefined list of scopes. The
current implementation doesn't prompt the error code.

As shown in [2], the scope is always set to true. So, as far as I can
understand, it's not validating the scope in a correct manner. Any insight
on this will be highly appreciated.

[1] https://tools.ietf.org/html/rfc6749#section-5.2
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/callback/DefaultCallbackHandler.java#L37

Thank you,
Nila.

-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
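
One way to reject unknown scopes with invalid_scope while still allowing custom scopes, as an added example that is not part of the original message and is not WSO2 code. The class, its methods, the client ids and the per-client registry are all hypothetical assumptions; only the scope-token syntax (RFC 6749 section 3.3) and the error code (section 5.2) come from the specification.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not WSO2 APIs.
public class ScopeCheckExample {
    // scope-token character set from RFC 6749 section 3.3
    private static final Pattern SCOPE_TOKEN =
            Pattern.compile("[\\x21\\x23-\\x5B\\x5D-\\x7E]+");

    // Scopes each client may request. Custom scopes are registered at
    // runtime, so no predefined global list is needed (assumed design).
    private final Map<String, Set<String>> allowedByClient = new HashMap<>();

    public void registerScope(String clientId, String scope) {
        if (!SCOPE_TOKEN.matcher(scope).matches()) {
            throw new IllegalArgumentException("not a valid scope-token");
        }
        allowedByClient.computeIfAbsent(clientId, k -> new HashSet<>()).add(scope);
    }

    // Returns null when every requested scope is acceptable, otherwise the
    // error body of RFC 6749 section 5.2. The caller handles an omitted
    // scope parameter (default-scope policy) before calling this.
    public String validate(String clientId, String scopeParam) {
        Set<String> allowed =
                allowedByClient.getOrDefault(clientId, Collections.emptySet());
        int rejected = 0;
        // limit -1 keeps empty tokens, so doubled or trailing spaces fail too
        for (String token : scopeParam.split(" ", -1)) {
            if (!SCOPE_TOKEN.matcher(token).matches() || !allowed.contains(token)) {
                rejected++;
            }
        }
        if (rejected == 0) {
            return null;
        }
        // Rejected values are counted, not echoed, so the response never
        // reflects untrusted input.
        return "{\"error\":\"invalid_scope\",\"error_description\":\""
                + rejected + " requested scope value(s) not permitted\"}";
    }

    public static void main(String[] args) {
        ScopeCheckExample v = new ScopeCheckExample();
        v.registerScope("client-a", "openid");
        v.registerScope("client-a", "orders:read"); // custom scope
        System.out.println(v.validate("client-a", "openid orders:read")); // known
        System.out.println(v.validate("client-a", "openid admin"));       // unknown
        System.out.println(v.validate("client-b", "openid"));             // other client
        System.out.println(v.validate("client-a", "openid  bad\"scope")); // malformed
    }
}
```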
