OpenAM / OPENAM-17721

OAuth2 Device grant - scope is missing from token response


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.2.3, 7.0.1
    • Fix Version/s: 6.5.4, 7.1.0
    • Component/s: oauth2
    • Sprint: AM Sustaining Sprint 85, AM Sustaining Sprint 86
    • 3
    • Yes
    • No
    • Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Issue is not present in 7.1.0+.

      All OAuth2 grants return the scope in the /access_token response, e.g.:

      {
          "access_token": "flFfSR0h9WOH-1ghATXGVVPoPqM",
          "refresh_token": "k1dqp2lQwKN4scbyC2J6GGVtanI",
          "scope": "profile",
          "token_type": "Bearer",
          "expires_in": 3599
      }

      With the Device grant, though, the scope is missing:

      {
          "access_token": "KHMAr4iR3I6SO4iYhJQ94RmSF2s",
          "refresh_token": "dlQUWNZcYz56lHR_Kxz0xoG_BCs",
          "token_type": "Bearer",
          "expires_in": 3598
      }

      DeviceCodeGrantTypeHandler.java is missing the following code that the other grant type handlers have:

      // Only add the scope claim when the grant actually permitted a scope
      if (permittedScope != null && !permittedScope.isEmpty()) {
          accessToken.addExtraData(SCOPE, () -> Utils.joinScope(permittedScope));
      }

      The request is to add it for the device grant too so the behavior is consistent across all flows.
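      A client-side consistency check for /access_token responses, added here as an example (it is not OpenAM code). It runs over the two response bodies quoted above, treats a missing scope field the way RFC 6749 section 5.1 allows (assume the requested scope was granted) but records the omission, and also flags granted scope that is wider or narrower than what the client asked for; the requested scope "profile" is an assumption.

```python
import json

# Sample token responses quoted in the ticket (constructed test input for
# this example; the token values are the ticket's own samples).
AUTH_CODE_RESPONSE = (
    '{"access_token": "flFfSR0h9WOH-1ghATXGVVPoPqM",'
    ' "refresh_token": "k1dqp2lQwKN4scbyC2J6GGVtanI",'
    ' "scope": "profile", "token_type": "Bearer", "expires_in": 3599}'
)
DEVICE_RESPONSE = (
    '{"access_token": "KHMAr4iR3I6SO4iYhJQ94RmSF2s",'
    ' "refresh_token": "dlQUWNZcYz56lHR_Kxz0xoG_BCs",'
    ' "token_type": "Bearer", "expires_in": 3598}'
)


def parse_scope(value):
    """RFC 6749 section 3.3: scope is a space-delimited, case-sensitive list."""
    return set(value.split()) if value else set()


def check_token_response(body, requested_scope):
    """Return (granted_scope, findings) for one /access_token response body.

    findings is a list of human-readable problems; an empty list means the
    response is consistent with what the client asked for.
    """
    resp = json.loads(body)
    requested = parse_scope(requested_scope)
    findings = []
    if "access_token" not in resp:
        findings.append("no access_token in response")
    if resp.get("token_type", "").lower() != "bearer":
        findings.append("unexpected token_type: %r" % resp.get("token_type"))
    if "scope" not in resp:
        # RFC 6749 section 5.1: scope is OPTIONAL only when it is identical to
        # the requested scope, REQUIRED otherwise. The client cannot tell which
        # case applies, so it assumes the requested scope and records the
        # omission (this is the device grant behaviour the ticket describes).
        findings.append("scope missing from token response; assuming requested scope")
        granted = set(requested)
    else:
        granted = parse_scope(resp["scope"])
        extra = granted - requested
        if extra:
            findings.append("granted scope exceeds request: " + " ".join(sorted(extra)))
        dropped = requested - granted
        if dropped:
            findings.append("requested scope not granted: " + " ".join(sorted(dropped)))
    return granted, findings
```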

        People

        Joe Starling, Anastasios Kampas
        Votes: 1
        Watchers: 7