Assume requested scopes when response response doesn't contain scope I…

…dentityModel#856
chrisgbaker · Aug 7, 2019 · d6e83ac · d6e83ac
1 parent 251f737
commit d6e83ac
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/src/ResponseValidator.js b/src/ResponseValidator.js
@@ -130,6 +130,11 @@ export class ResponseValidator {
             return Promise.reject(new Error("Unexpected code in response"));
         }
 
+        if (!response.scope) {
+            // if there's no scope on the response, then assume all scopes granted (per-spec) and copy over scopes from original request
+            response.scope = state.scope;
+        }
+
         return Promise.resolve(response);
     }
 

diff --git a/src/SigninRequest.js b/src/SigninRequest.js
@@ -49,7 +49,7 @@ export class SigninRequest {
             data, client_id, authority, redirect_uri, 
             code_verifier: code, 
             request_type, response_mode,
-            client_secret });
+            client_secret, scope });
 
         url = UrlUtility.addQueryParam(url, "client_id", client_id);
         url = UrlUtility.addQueryParam(url, "redirect_uri", redirect_uri);

diff --git a/src/SigninState.js b/src/SigninState.js
@@ -7,7 +7,7 @@ import { JoseUtil } from './JoseUtil.js';
 import random from './random.js';
 
 export class SigninState extends State {
-    constructor({nonce, authority, client_id, redirect_uri, code_verifier, response_mode, client_secret} = {}) {
+    constructor({nonce, authority, client_id, redirect_uri, code_verifier, response_mode, client_secret, scope} = {}) {
         super(arguments[0]);
 
         if (nonce === true) {
@@ -35,6 +35,7 @@ export class SigninState extends State {
         this._client_id = client_id;
         this._response_mode = response_mode;
         this._client_secret = client_secret;
+        this._scope = scope;
     }
 
     get nonce() {
@@ -61,6 +62,9 @@ export class SigninState extends State {
     get client_secret() {
         return this._client_secret;
     }
+    get scope() {
+        return this._scope;
+    }
 
     toStorageString() {
         Log.debug("SigninState.toStorageString");
@@ -75,7 +79,8 @@ export class SigninState extends State {
             authority: this.authority,
             client_id: this.client_id,
             response_mode: this.response_mode,
-            client_secret: this.client_secret
+            client_secret: this.client_secret,
+            scope: this.scope
         });
     }