Open jimrobinson opened 8 months ago
I may be missing a section in the specification that discusses ordering dependencies, but my reading of https://openid.net/specs/openid-connect-basic-1_0.html#Scopes is that the order of the tokens in the "scope" parameter don't matter.
Right now the mockoidc server requires that "openid" be the first token in the scope list before it will add id_token.
If the spec doesn't require ordering, would it be appropriate to change the logic to iterate over the scopes?
See pull request https://github.com/oauth2-proxy/mockoidc/pull/48
I may be missing a section in the specification that discusses ordering dependencies, but my reading of https://openid.net/specs/openid-connect-basic-1_0.html#Scopes is that the order of the tokens in the "scope" parameter don't matter.
Right now the mockoidc server requires that "openid" be the first token in the scope list before it will add id_token.
If the spec doesn't require ordering, would it be appropriate to change the logic to iterate over the scopes?
See pull request https://github.com/oauth2-proxy/mockoidc/pull/48