youaremine / oauth2-php

Automatically exported from code.google.com/p/oauth2-php
MIT License
0 stars 0 forks source link

Access tokens always grant all the clients scopes #28

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a OAuth client with two scopes, A and B 
2. Request an access token only with scope A available for this client

What is the expected output? What do you see instead?
You get an access_token with valid grant for both A and B scopes where you 
should get an access_token only for the A scope.

What version of the product are you using? On what operating system?
Latest one 

Please provide any additional information below.
On the file oauth2-php/lib/OAuth2.php on the line 751, you have this code:
   $token = $this->createAccessToken($client[0], $user_id, $stored['scope']);

Maybe you should have this one:
    $token = $this->createAccessToken($client[0], $user_id, $input['scope']);

Original issue reported on code.google.com by jordineb...@gmail.com on 31 Jul 2013 at 10:35