lines changed Original file line number Diff line number Diff line change @@ -29,6 +29,11 @@ type RefreshTokenGrantHandler struct {
2929 fosite.AudienceStrategyProvider
3030 fosite.RefreshTokenScopesProvider
3131 }
32+
33+ // IgnoreRequestedScopeNotInOriginalGrant determines the action to take when the requested scopes in the refresh
34+ // flow were not originally granted. If false which is the default the handler will automatically return an error.
35+ // If true the handler will filter out / ignore the scopes which were not originally granted.
36+ IgnoreRequestedScopeNotInOriginalGrant bool
3237}
3338
3439// HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6
@@ -105,7 +110,11 @@ func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Contex
105110 for _ , scope := range request .GetRequestedScopes () {
106111 // Addresses point 2 of the text in RFC6749 Section 6.
107112 if ! strategy (originalScopes , scope ) {
108- return errorsx .WithStack (fosite .ErrInvalidScope .WithHintf ("The requested scope '%s' was not originally granted by the resource owner." , scope ))
113+ if c .IgnoreRequestedScopeNotInOriginalGrant {
114+ continue
115+ } else {
116+ return errorsx .WithStack (fosite .ErrInvalidScope .WithHintf ("The requested scope '%s' was not originally granted by the resource owner." , scope ))
117+ }
109118 }
110119
111120 if ! strategy (request .GetClient ().GetScopes (), scope ) {
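Review bot: In the scope loop of HandleTokenEndpointRequest, the new `continue` silently drops any requested scope that was not in the original grant, so with IgnoreRequestedScopeNotInOriginalGrant set a client can receive a narrower token than it asked for, possibly one with no scopes at all, without any signal. Skipping the scope before the client-scope check is the safe direction, but the rest of the loop body and the response path are outside the hunk, so it is worth confirming that the token response reports the scopes actually issued (RFC 6749 Section 5.1 expects `scope` to be returned when it differs from the request) and deciding whether a request whose scopes are all filtered out should still fail with ErrInvalidScope. The `else` after `continue` is redundant: `if c.IgnoreRequestedScopeNotInOriginalGrant { continue }` followed by the existing `return` keeps the error path left-aligned. The field comment could also state the trade-off, for example `// Enabling this relaxes RFC 6749 Section 6, which says the requested scope must not include any scope not originally granted.`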