Commit

Authorization Code token exchange ignores scope parameter; also clarify `scope` when refreshing a token (#2222)
LikeLakers2 authored Apr 6, 2021
1 parent 5d1f03c commit 5796503
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions docs/topics/OAuth2.md
Expand Up @@ -84,7 +84,6 @@ https://nicememe.website/?code=NhhvTDYsFcdgNLnnLijcl7Ku7bEEeee&state=15773059ghq
- `grant_type` - must be set to `authorization_code`
- `code` - the code from the querystring
- `redirect_uri` - your `redirect_uri`
- `scope` - the scopes requested in your authorization url, space-delimited

###### Access Token Exchange Example

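Review bot: The `scope` bullet is dropped from the authorization-code parameter list with nothing left in its place, so a reader whose client already sends `scope` in this exchange cannot tell from the docs that the field is ignored. Consider one sentence under the list saying that a `scope` field sent here has no effect and that the scopes on the issued token are the ones approved at the authorization URL.
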
Expand All @@ -100,8 +99,7 @@ def exchange_code(code):
'client_secret': CLIENT_SECRET,
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': REDIRECT_URI,
'scope': 'identify email connections'
'redirect_uri': REDIRECT_URI
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
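Review bot: Style point on the `'redirect_uri': REDIRECT_URI` line: the trailing comma was removed together with the `'scope'` entry. Keeping the comma on the last dict item would have made this a pure one-line deletion, and a later addition to the dict would not have to touch this line again.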
Expand Down Expand Up @@ -132,7 +130,7 @@ Having the user's access token allows your application to make certain requests
- `grant_type` - must be set to `refresh_token`
- `refresh_token` - the user's refresh token
- `redirect_uri` - your `redirect_uri`
- `scope` - the scopes requested in your authorization url, space-delimited
- `scope` - one or more scopes requested in your authorization url, space-delimited (optional, will be treated as equal to all granted scopes if empty or omitted)

###### Refresh Token Exchange Example

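Review bot: The new `scope` bullet for the refresh request covers the empty or omitted case but not the case where the field names a scope that was not part of the original grant. State that outcome explicitly (rejected, or silently dropped), since RFC 6749 section 6 requires that a refresh request not include any scope beyond those originally granted. That section also defines no `redirect_uri` parameter for refresh requests, so the `redirect_uri` bullet just above deserves the same check this commit gave `scope`.
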