From 76751443a1dc359c4973e7f355c982ad56f27ff1 Mon Sep 17 00:00:00 2001
From: arekkas
Date: Sun, 20 May 2018 15:16:45 +0200
Subject: [PATCH] oauth2: Rejects reqeuests with insufficient permissions
Currently, authorization requests fail when a client is being granted scopes that the client is not allowed to request - after consent. We should add an additional check that makes sure that the client isn't able to request scopes he isn't allowed to request before doing consent. We should keep the check after consent as well to make sure he wasn't accidentally granted scopes he isn't allowed to request. This patch resolves the addressed issue Closes #776
---
 Gopkg.lock | 4 ++--
 Gopkg.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gopkg.lock b/Gopkg.lock
index 61c3ad33d2d..47f5d936af1 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -292,8 +292,8 @@
 "token/hmac",
 "token/jwt"
 ]
- revision = "aaec9940e2c3fc5a696b3d174d517a6ff1490a6f"
- version = "v0.19.3"
+ revision = "0f18305e742c17db1eee6784ce3451837b5fd09a"
+ version = "v0.19.4"
 [[projects]]
 branch = "master"
diff --git a/Gopkg.toml b/Gopkg.toml
index f08498cabfc..a91d6cd0e83 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -75,7 +75,7 @@
 [[constraint]]
 name = "github.com/ory/fosite"
- version = "0.19.3"
+ version = "0.19.4"
 [[constraint]]
 name = "github.com/ory/graceful"