[ 
https://issues.apache.org/jira/browse/CXF-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510149#comment-13510149
 ] 

Steven Tippetts commented on CXF-4673:
--------------------------------------

This is a different use than what you describe, but it isn't something that is 
against the OAuth specification. Also, the change would be minimal since both 
calls to getPreauthorizedToken have requestedScope available and can just be 
added as a parameter. It is also a natural parameter because the 
ServerAccessToken has a property for it already, so it makes sense to pass it 
in so it can be used if needed. Adding this just makes your implementation more 
robust.
                
> [OAuth2] Add requestedScope as a parameter to getPreauthorizedToken
> -------------------------------------------------------------------
>
>                 Key: CXF-4673
>                 URL: https://issues.apache.org/jira/browse/CXF-4673
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.0
>            Reporter: Steven Tippetts
>
> When using pre-authorized tokens I need the requested scope to be able to 
> create the token.
> Please change the OAuthDataProvider interface to include:
> {code}
> ServerAccessToken getPreauthorizedToken(Client client,
>                                         UserSubject subject,
>                                         String grantType, 
>                                         List<String> requestedScope)
>     throws OAuthServiceException;
> {code}
> And change RedirectionBasedGrantService.java and AbstractGrantHandler.java to 
> pass the requestedScope variable in to getPreauthorizedToken.
> Thanks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
