oauth2: Rejects requests with insufficient permissions
Currently, authorization requests fail when a client is being granted scopes that the client is not allowed to request - after consent.

We should add an additional check that makes sure that the client isn't able to request scopes he isn't allowed to request before doing consent.

We should keep the check after consent as well to make sure he wasn't accidentally granted scopes he isn't allowed to request.

This patch resolves the addressed issue

Closes #776
arekkas authored and arekkas committed May 20, 2018
1 parent fcd9180 commit 7675144
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions Gopkg.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Gopkg.toml
Expand Up @@ -75,7 +75,7 @@

[[constraint]]
name = "github.com/ory/fosite"
version = "0.19.3"
version = "0.19.4"

[[constraint]]
name = "github.com/ory/graceful"
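
Review bot: The `version = "0.19.4"` line under the `github.com/ory/fosite` constraint is the only source change visible here, so the pre-consent scope check the commit message describes arrives entirely through the dependency and nothing in this commit exercises it. Consider adding a test in this repository that sends an authorization request for a scope the client is not allowed to request and asserts that it is rejected before consent, so a later fosite change cannot silently regress the behaviour. The Gopkg.lock changes are not rendered on this page, so also confirm that the lock file pins the fosite revision matching 0.19.4.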