Closed AurelienPillevesse closed 11 months ago
The user should be presented with the scopes the client is asking for at the authorisation stage and approve or deny them then. that should be sufficient
Could be a good idea to add this verification to control everything is good no?
The end user should be acting as the verifier. There shouldn't need to be any automated solution for this.
When we create a Client, we give him some scopes. It seems that there is no checks to verify that scopes asked for a user and available for this client
I let you correct me if I'm wrong but during my tests, it seems that it's the case