Open MarioHoberg opened 7 years ago
I'm also having this issue. Is it just a case of removing `'scope' => $this->getVariable(self::CONFIG_SUPPORTED_SCOPES, null)`?
Also having this issue. Only want to grant scopes when they are explicitly passed.
+1
If I got it correctly, when a token request (e.g.) with a client_credentials grant and without scope is received, a token for all configured scopes is granted.
See code around https://github.com/FriendsOfSymfony/oauth2-php/blob/master/lib/OAuth2.php#L846
RFC6749 3.3. seems to allow for arbitrary defaults, but IMHO a library limiting the default to all available scopes is bad practice.
I suggest falling back to an empty scope and maybe supporting a configurable default.
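
The fallback discussed in this issue, as an added example that is not part of the thread and not oauth2-php's own code: `resolveGrantedScope()` and its parameters are hypothetical names, and the scope list is constructed. RFC 6749 section 3.3 requires the server to either apply a pre-defined default or fail the request with `invalid_scope` when the parameter is omitted, so the sketch makes that default an explicit, narrow setting.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the oauth2-php API): decides which scopes a token
// request is granted.
//   $requested  raw "scope" parameter, or null when the client omitted it
//   $supported  scopes configured on the server
//   $default    scopes granted when the parameter is omitted; null = reject
function resolveGrantedScope(?string $requested, array $supported, ?array $default = []): array
{
    if ($requested === null || trim($requested) === '') {
        if ($default === null) {
            // RFC 6749 3.3: fail the request instead of applying a default.
            throw new InvalidArgumentException('invalid_scope');
        }
        $scopes = $default;
    } else {
        // Scope is a space-delimited list of case-sensitive strings.
        $scopes = preg_split('/ +/', trim($requested), -1, PREG_SPLIT_NO_EMPTY);
    }

    // Never grant anything outside the configured set, the default included.
    if (array_diff($scopes, $supported) !== []) {
        throw new InvalidArgumentException('invalid_scope');
    }
    return array_values(array_unique($scopes));
}

// Constructed sample configuration.
$supported = ['read', 'write', 'admin'];

$cases = [
    // Behaviour reported in the issue: omitted scope falls back to everything.
    'default = all supported' => [null, $supported],
    // Suggested behaviour: omitted scope grants nothing ...
    'default = empty'         => [null, []],
    // ... or only a deliberately configured default.
    'default = [read]'        => [null, ['read']],
    // Explicit request: granted exactly what was asked for.
    'explicit "read write"'   => ['read write', []],
];

foreach ($cases as $label => [$requested, $default]) {
    $granted = resolveGrantedScope($requested, $supported, $default);
    printf("%-24s => [%s]\n", $label, implode(' ', $granted));
}
```

When the granted scope differs from what the client requested, RFC 6749 also requires the token response to include the `scope` parameter so the client learns what it actually received.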