thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.49k stars, 1.12k forks

Scopes asked by client #1358

Closed AurelienPillevesse closed 11 months ago

AurelienPillevesse commented 1 year ago

When we create a client, we give it some scopes. It seems that there are no checks to verify that the scopes asked for a user are available for this client.

Correct me if I'm wrong, but during my tests it seems that this is the case.

Sephster commented 1 year ago

The user should be presented with the scopes the client is asking for at the authorisation stage and approve or deny them then. That should be sufficient.

AurelienPillevesse commented 1 year ago

Wouldn't it be a good idea to add this verification, to make sure everything is correct?

Sephster commented 11 months ago

The end user should be acting as the verifier. There shouldn't need to be any automated solution for this.
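For an implementer who wants the per-client check the issue asks for, the library's `ScopeRepositoryInterface::finalizeScopes()` hook is the place to add it: every grant passes the requested scopes, the grant type and the client entity through it before a token or authorization code is issued. The example below is added here and is not code from the project or from anyone in this thread; `ScopeRepositoryInterface`, `finalizeScopes()` (v8 signature, so check it against the installed version), `OAuthServerException::invalidScope()` and the entity traits are the library's own, while `ClientBoundScopeRepository`, `ScopeEntity`, the client identifiers and the scope lists are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Entities\Traits\EntityTrait;
use League\OAuth2\Server\Entities\Traits\ScopeTrait;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;

// Minimal scope entity assembled from the library's traits.
final class ScopeEntity implements ScopeEntityInterface
{
    use EntityTrait;
    use ScopeTrait;
}

/**
 * Hypothetical scope repository (not part of the library) that, besides
 * resolving scope identifiers, refuses any scope that is not registered
 * for the requesting client.
 */
final class ClientBoundScopeRepository implements ScopeRepositoryInterface
{
    /** @var array<string, string[]> client id => scopes registered for it (constructed sample data) */
    private array $clientScopes = [
        'web-app'  => ['profile', 'email'],
        'cron-job' => ['reports:read'],
    ];

    /** @var string[] every scope this server knows about (constructed sample data) */
    private array $knownScopes = ['profile', 'email', 'reports:read', 'admin'];

    public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface
    {
        // Returning null makes the library answer with invalid_scope for
        // identifiers that do not exist at all.
        if (!in_array($identifier, $this->knownScopes, true)) {
            return null;
        }

        $scope = new ScopeEntity();
        $scope->setIdentifier($identifier);

        return $scope;
    }

    /**
     * Called by every grant with the scopes the client asked for. A scope the
     * end user approved on the consent screen is still rejected here if the
     * client was never registered for it.
     *
     * @param ScopeEntityInterface[] $scopes
     * @return ScopeEntityInterface[]
     */
    public function finalizeScopes(
        array $scopes,
        $grantType,
        ClientEntityInterface $clientEntity,
        $userIdentifier = null
    ): array {
        $allowed = $this->clientScopes[$clientEntity->getIdentifier()] ?? [];

        foreach ($scopes as $scope) {
            if (!in_array($scope->getIdentifier(), $allowed, true)) {
                // Fails the request with an RFC 6749 invalid_scope error.
                // Returning the permitted subset (array_filter) instead would
                // silently narrow the grant; rejecting is the stricter choice
                // and makes a misconfigured or malicious client visible.
                throw OAuthServerException::invalidScope($scope->getIdentifier());
            }
        }

        return $scopes;
    }
}
```

Pass an instance of this repository to `AuthorizationServer` in place of the application's existing scope repository; with the sample data above, `web-app` asking for `admin` is refused even if the user clicks approve, while `cron-job` asking for `reports:read` through the client credentials grant goes through unchanged. The `$grantType` argument is available if some scopes should only be issuable through particular grants.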