[
https://issues.apache.org/jira/browse/CXF-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510529#comment-13510529
]
Steven Tippetts commented on CXF-4673:
--------------------------------------
Thank you. By the way, in the method convertScopeToPermissions in my
OAuthDataProvider object, I filter out any of the requested scopes that are not
in my list of approved scopes from my pre-registered clients. This way the
client doesn't get more permissions than they are approved for and they also
only get the permissions they ask for.
> [OAuth2] Add requestedScope as a parameter to getPreauthorizedToken
> -------------------------------------------------------------------
>
> Key: CXF-4673
> URL: https://issues.apache.org/jira/browse/CXF-4673
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
>
> When using pre-authorized tokens I need the requested scope to be able to
> create the token.
> Please change the OAuthDataProvider interface to include:
> {code}
> ServerAccessToken getPreauthorizedToken(Client client,
> UserSubject subject,
> String grantType,
> List<String> requestedScope)
> throws OAuthServiceException;
> {code}
> And change RedirectionBasedGrantService.java and AbstractGrantHandler.java to
> pass the requestedScope variable in to getPreauthorizedToken.
> Thanks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
