-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move validateScope outside promise.all #84
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When there is an invalid scope passed, there is still an
accessToken
andrefreshToken
generated.Code
node-oauth2-server/lib/grant-types/password-grant-type.js
Lines 105 to 127 in 0154165
Suggestion
Move
this.validateScope(user, client, scope)
out of the array and check this before generating the tokens.Use case
We use JWT's and only an internal token id is saved instead of the full JWT string. This means generating the token automatically means saving the token. So we are not actually using the
saveToken
function.The text was updated successfully, but these errors were encountered: