OpenAM / OPENAM-12997

Consent for default scopes are not saved

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.1, 6.0.0, 6.5.0
    • Fix Version/s: 6.5.0, 6.0.1, 5.5.2
    • Component/s: oauth2
    • Sprint:
      AM Sustaining Sprint 54
    • Story Points:
      3
    • Needs backport:
      Yes
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      When OAuth2 authorization requests are made without explicitly asking for scopes and the consent is saved by the end-user, the saved consent won't actually contain the default scopes (that will be issued for the access token).

      How to reproduce the issue

      Expected behaviour

      The second auth code request will not display the consent page.

      Current behaviour

      The consent saved at the first request does not contain the non-requested but given default scope, hence the save consent screen is displayed again.
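The mismatch described above, as an added model that is not OpenAM code and not part of the original report: the consent check compares saved consent against the scopes that will be issued, so if only the scopes named in the request are persisted (an assumption about how the gap arises), a scope-less request never finds a match. All names (`ConsentStore`, `authorize`, the `profile` default scope, the user and client ids) are hypothetical.

```python
# Simplified model of an authorization endpoint's consent check (hypothetical names).

DEFAULT_SCOPES = frozenset({"profile"})   # constructed client default scope


class ConsentStore:
    """Per (user, client) set of scopes the end-user has agreed to."""

    def __init__(self):
        self._saved = {}

    def save(self, user, client, scopes):
        key = (user, client)
        self._saved[key] = self._saved.get(key, frozenset()) | frozenset(scopes)

    def covers(self, user, client, scopes):
        return frozenset(scopes) <= self._saved.get((user, client), frozenset())


def effective_scopes(requested):
    """Scopes that will be issued: the request's, or the defaults if none given."""
    return frozenset(requested) if requested else DEFAULT_SCOPES


def authorize(store, user, client, requested, save_effective):
    """Return True if the consent page had to be shown for this request.

    save_effective=False models the reported behaviour (only the scopes named
    in the request are persisted); True persists what will be issued.
    """
    issued = effective_scopes(requested)
    if store.covers(user, client, issued):
        return False                      # prior consent covers the grant
    # Consent page shown; user approves and ticks "save consent".
    store.save(user, client, issued if save_effective else requested)
    return True


def consent_prompts(save_effective, requests=((), ())):
    """Run the requests in order; list whether each one showed the consent page."""
    store = ConsentStore()
    return [authorize(store, "demo-user", "demo-client", r, save_effective)
            for r in requests]


if __name__ == "__main__":
    print("reported:", consent_prompts(save_effective=False))  # [True, True]
    print("expected:", consent_prompts(save_effective=True))   # [True, False]
```

A regression test for this class of bug should assert that the saved consent record is a superset of the scopes on the issued token, including the case where the request carries no `scope` parameter.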

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              peter.major Peter Major [X] (Inactive)