providers/oauth2: fix token endpoint creating invalid token when no scopes are passed

This commit is contained in:
Jens Langhammer 2020-12-27 14:48:44 +01:00
parent b747022bc1
commit dff5eb69c8

View file

@ -93,7 +93,10 @@ class TokenParams:
self.refresh_token = RefreshToken.objects.get( self.refresh_token = RefreshToken.objects.get(
refresh_token=raw_token, provider=self.provider refresh_token=raw_token, provider=self.provider
) )
# https://tools.ietf.org/html/rfc6749#section-6
# Fallback to original token's scopes when none are given
if self.scope == []:
self.scope = self.refresh_token.scope
except RefreshToken.DoesNotExist: except RefreshToken.DoesNotExist:
LOGGER.warning( LOGGER.warning(
"Refresh token does not exist", "Refresh token does not exist",