refresh_token grant issue #182
Comments
Hey, Thanks for reporting this issue! The OAuth 2 grant types tests are still a bit lacking and for refresh token none even existed. Until now that is =) The
The promptitude is much appreciated, as well as the lib itself. Thanks again
Thanks. I did manage to mess it up a little tho, #183, but will have that fixed today.
Should be sorted now, instead of confirm_scopes just implement get_original_scopes(refresh_token, request) to return the list of scopes granted originally and OAuthLib will do the checking for you.
Thnx! I'll keep an eye on it
hi there.
I've been playing around with the client_credentials and password grant types, as well as the refresh_token grant for tokens issued with the former.
With client_credentials and password, I can send multiple space separated scopes in the scope post var which gets transferred into the oauthlib.Request.scopes as a list. So far, fine.
When I try the token_refresh grant, it seems it never looks into the scope param in the request, always looks for the scopes, which of course is not there, because the function that turns the space separated list of scopes into a list is never called.
Am I missing something?
Steps to reproduce:
1. Make a client_credentials request with scope = 'scope1 scope2'
2. Use the refresh token obtained from this response and make another request with grant_type=refresh_token and scope = 'scope1 scope2'
It will fail to validate request
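Added example, not part of the thread and not OAuthLib's own code: a self-contained sketch of the refresh-token scope check discussed here, where the space-separated `scope` parameter is parsed and compared against the scopes returned by a `get_original_scopes(refresh_token, request)` hook. The `ISSUED` store, `ExampleValidator`, `scope_to_list` and `handle_refresh` are hypothetical names, and the omitted-scope and no-broadening rules follow RFC 6749 section 6.

```python
from urllib.parse import parse_qs

# Constructed token store: refresh token -> scopes granted at issuance.
ISSUED = {"rt-123": ["scope1", "scope2"]}


class ExampleValidator:
    """Hypothetical application validator exposing only the hook named in the thread."""

    def get_original_scopes(self, refresh_token, request):
        return ISSUED.get(refresh_token)


def scope_to_list(scope):
    """Turn the space-separated `scope` parameter into a list (None if absent)."""
    return None if scope is None else scope.split()


def handle_refresh(body, validator):
    """Return (status, payload) for a form-encoded refresh_token request body."""
    params = {k: v[0] for k, v in parse_qs(body).items()}
    if params.get("grant_type") != "refresh_token":
        return 400, {"error": "unsupported_grant_type"}
    original = validator.get_original_scopes(params.get("refresh_token"), params)
    if original is None:
        return 400, {"error": "invalid_grant"}
    # Parse `scope` on this grant too; skipping this step is the failure reported above.
    requested = scope_to_list(params.get("scope"))
    if requested is None:
        requested = list(original)  # omitted scope means the originally granted scope
    extra = sorted(set(requested) - set(original))
    if extra:
        # A refresh must never widen the grant beyond what was originally issued.
        return 400, {"error": "invalid_scope",
                     "error_description": "not originally granted: " + " ".join(extra)}
    return 200, {"scope": " ".join(requested)}


if __name__ == "__main__":
    v = ExampleValidator()
    print(handle_refresh("grant_type=refresh_token&refresh_token=rt-123&scope=scope1+scope2", v))
    print(handle_refresh("grant_type=refresh_token&refresh_token=rt-123&scope=scope1+admin", v))
```
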