What steps will reproduce the problem?
1. Create an OAuth client with two scopes, A and B
2. Request an access token only with scope A available for this client
What is the expected output? What do you see instead?
You get an access_token with valid grant for both A and B scopes where you
should get an access_token only for the A scope.
What version of the product are you using? On what operating system?
Latest one
Please provide any additional information below.
In the file oauth2-php/lib/OAuth2.php, on line 751, you have this code:
$token = $this->createAccessToken($client[0], $user_id, $stored['scope']);
Maybe you should have this one:
$token = $this->createAccessToken($client[0], $user_id, $input['scope']);
Original issue reported on code.google.com by jordineb...@gmail.com on 31 Jul 2013 at 10:35
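
One way to issue only the scope that was requested while still bounding it by what the client may hold, as an added example that is not code from oauth2-php. The function `resolveGrantedScope`, its parameters and the fallback policy for a missing scope are assumptions made for illustration.

```php
<?php
// Added example, not part of oauth2-php. All names here are hypothetical.

/**
 * Decide which scope a new access token may carry.
 *
 * @param string|null $requested space-delimited scope from the token request
 * @param string      $allowed   space-delimited scope available to the client
 * @return string scope to put on the token
 * @throws InvalidArgumentException if the request asks for more than $allowed
 */
function resolveGrantedScope(?string $requested, string $allowed): string
{
    $allowedSet = preg_split('/\s+/', trim($allowed), -1, PREG_SPLIT_NO_EMPTY);

    // No scope in the request: fall back to everything the client may hold.
    // This default is an assumption; RFC 6749 section 3.3 also allows the
    // server to reject the request with invalid_scope instead.
    if ($requested === null || trim($requested) === '') {
        return implode(' ', $allowedSet);
    }

    $requestedSet = array_unique(
        preg_split('/\s+/', trim($requested), -1, PREG_SPLIT_NO_EMPTY)
    );

    // Scope values are case-sensitive; array_diff compares them as strings.
    $excess = array_diff($requestedSet, $allowedSet);
    if ($excess !== []) {
        throw new InvalidArgumentException('invalid_scope: ' . implode(' ', $excess));
    }

    // Grant exactly what was asked for, never the full allowed set.
    return implode(' ', $requestedSet);
}

// Constructed sample: a client that may hold scopes A and B.
$clientScope = 'A B';

echo resolveGrantedScope('A', $clientScope), PHP_EOL;   // request narrowed to one scope
echo resolveGrantedScope(null, $clientScope), PHP_EOL;  // request without a scope parameter

try {
    resolveGrantedScope('A C', $clientScope);           // asks for a scope the client lacks
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Passing the request's scope straight to token creation without the subset check would trade the over-grant described in this report for the opposite problem, a client naming scopes it was never given.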