php - Change scope while issuing new access token when client sends valid refresh token


I am using the PHP OAuth2 library from its GitHub repo:

php oauth2 library

Whenever I send a refresh token, I receive a new access token with the old scopes. I want to change the scopes returned with the new access token.

When I first generate a token using the user credentials grant type, I take the scopes supported for that user and store them this way:

    // Scopes supported for this user, joined into one space-delimited string
    $defaultScope = implode(" ", $scopes);
    // In-memory scope storage whose default scope is that string
    $memory = new OAuth2\Storage\Memory(array('default_scope' => $defaultScope));
    $scopeUtil = new OAuth2\Scope($memory);
    $this->server->setScopeUtil($scopeUtil);
    // Handle the token request built from the current HTTP request and send the response
    $this->server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();

where $scopes is an array,

for example $scopes = array("adduser", "edituser", "editrole");

Similarly, when I send a refresh token using the refresh_token grant type, I run the same code with a modified $scopes, for example $scopes = array("adduser", "editrole");

    // Same code as above, now with the reduced $scopes
    $defaultScope = implode(" ", $scopes);
    $memory = new OAuth2\Storage\Memory(array('default_scope' => $defaultScope));
    $scopeUtil = new OAuth2\Scope($memory);
    $this->server->setScopeUtil($scopeUtil);
    $this->server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();

but I receive the same old scopes ("adduser edituser editrole") that were set when the access token was first generated using the user credentials grant type.

So is there a way to change the scopes when a new access token is generated using a refresh token? Or am I doing something wrong here?

A client can "down-scope" when it asks for a new access token in the refresh token grant; see the documentation around scope in the spec here: https://tools.ietf.org/html/rfc6749#section-6. Yet the authorization server may or may not support that.
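As an added example (not code from the question or from the PHP OAuth2 library in use), here is the RFC 6749 section 6 rule the answer refers to, written as a stand-alone PHP function that a token endpoint could apply to a refresh_token request: when the client sends no scope parameter, the new access token inherits the scope stored with the refresh token; when it does send one, every requested scope must be among those originally granted, otherwise the server answers with invalid_scope. The refresh token value, the stored scope list, the request arrays and the function name scopeForRefreshedToken are all made up for the illustration.

```php
<?php
// Added example, not from the question or the library: RFC 6749 §6 scope
// handling for a refresh_token grant. A client may narrow ("down-scope") the
// new access token via the `scope` parameter but may never widen it.

// Constructed sample store: refresh token => scope originally granted.
// (Hypothetical token value and scopes, for illustration only.)
$refreshTokens = [
    'r3fr3sh-example' => 'adduser edituser editrole',
];

/**
 * Decide the scope of the new access token for a refresh_token request.
 *
 * @param array  $request      Form parameters of the token request.
 * @param string $grantedScope Space-delimited scope stored with the refresh token.
 * @return array ['scope' => string] on success, or
 *               ['error' => 'invalid_scope', 'error_description' => string].
 */
function scopeForRefreshedToken(array $request, string $grantedScope): array
{
    $granted = preg_split('/\s+/', trim($grantedScope), -1, PREG_SPLIT_NO_EMPTY);

    // No scope parameter: §6 says the new token gets the originally granted scope.
    if (!isset($request['scope']) || trim($request['scope']) === '') {
        return ['scope' => implode(' ', $granted)];
    }

    $requested = preg_split('/\s+/', trim($request['scope']), -1, PREG_SPLIT_NO_EMPTY);

    // Every requested scope must be among those originally granted: a refresh
    // may only narrow the scope, never add to it.
    $notGranted = array_diff($requested, $granted);
    if ($notGranted !== []) {
        return [
            'error' => 'invalid_scope',
            'error_description' => 'Requested scope exceeds the scope originally granted: '
                . implode(' ', $notGranted),
        ];
    }

    return ['scope' => implode(' ', array_values(array_unique($requested)))];
}

// Constructed refresh requests (what the token endpoint would read from POST).
$cases = [
    // 1. No scope parameter: the new token keeps all three original scopes.
    ['grant_type' => 'refresh_token', 'refresh_token' => 'r3fr3sh-example'],
    // 2. Down-scoping, as wanted in the question: drop "edituser".
    ['grant_type' => 'refresh_token', 'refresh_token' => 'r3fr3sh-example',
     'scope' => 'adduser editrole'],
    // 3. Attempt to widen: "deleteuser" was never granted, so it must be refused.
    ['grant_type' => 'refresh_token', 'refresh_token' => 'r3fr3sh-example',
     'scope' => 'adduser deleteuser'],
];

foreach ($cases as $i => $req) {
    $result = scopeForRefreshedToken($req, $refreshTokens[$req['refresh_token']]);
    echo 'case ' . ($i + 1) . ': ' . json_encode($result) . PHP_EOL;
}
```

Run it with the php command-line binary; the three constructed requests cover inheriting the original scope, a valid down-scope and an attempted widening. Note that the server's default scope plays no part here: under section 6 an omitted scope parameter means the scope originally granted, not the default, so rebuilding the scope utility with a new default_scope on the refresh request, as in the question, is not the mechanism the spec provides. The spec's way to obtain a narrower token is for the client to send scope=adduser editrole in the refresh request, provided the authorization server implements that part of section 6.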
