oauth2/implicit: bad HTML encoding of the scope parameter - closes #95

ory · Sep 21, 2016 · ddd8d03 · ddd8d03
1 parent 9ab84f8
commit ddd8d03
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/handler/oauth2/flow_authorize_implicit.go b/handler/oauth2/flow_authorize_implicit.go
@@ -67,7 +67,7 @@ func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context
 	resp.AddFragment("expires_in", strconv.Itoa(int(c.AccessTokenLifespan/time.Second)))
 	resp.AddFragment("token_type", "bearer")
 	resp.AddFragment("state", ar.GetState())
-	resp.AddFragment("scope", strings.Join(ar.GetGrantedScopes(), "+"))
+	resp.AddFragment("scope", strings.Join(ar.GetGrantedScopes(), " "))
 	ar.SetResponseTypeHandled("token")
 
 	return nil