-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't see how and why oauth2_backend:verify_resowner_scope/3 returns a client #44
Comments
Hi @IvanMartinez, this change was introduced to solve a problem that occurred while using Greets, |
…ntication and fix for #38 WARNING: Breaks the compatibility with existing backend implementations The client can now be authenticated before the resource owner's credentials. See RFC6749 / Section 4.3.2 for more details. In addition to AppCtx and Scope, oauth2_backend:verify_resowner_scope/3 now returns the ClientIdentity so that oauth2:authorize_resource_owner/3 can set the client for the #authorization{} record and oauth2:refresh_access_token/5 can be successfully executed.
Hello David, |
Hello all,
I can't understand the change made here to verify_resowner_scope's result:
511fc9c
How can the function return a client from a resource owner and a scope?. And what is the point of doing so?. Apparently it has to be the same client as the one returned by get_client_identity/2 in oauth2:authorize_code_request/6. How is this supposed to work?.
Thank you,
Ivan
The text was updated successfully, but these errors were encountered: