handle app specific scopes if enabled

honestbleeps · honestbleeps · commit 9447e2ddcb04 · 2015-04-24T02:38:59.000-05:00
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
@@ -78,8 +78,12 @@ class AuthorizationView(BaseAuthorizationView, FormView):
     skip_authorization_completely = False
 
     def get_initial(self):
-        # TODO: move this scopes conversion from and to string into a utils function
-        scopes = self.oauth2_data.get('scope', self.oauth2_data.get('scopes', []))
+        if oauth2_settings.APP_SPECIFIC_SCOPES:
+            application = Application.objects.get(client_id=self.request.GET['client_id'])
+            scopes = application.allowed_scopes.split(' ')
+        else:
+            # TODO: move this scopes conversion from and to string into a utils function
+            scopes = self.oauth2_data.get('scope', self.oauth2_data.get('scopes', []))
         initial_data = {
             'redirect_uri': self.oauth2_data.get('redirect_uri', None),
             'scope': ' '.join(scopes),
