Commit graph

3 commits

Author SHA1 Message Date
Bobby Rullo
c161c2e1c3 scope: don't validate empty scopes
If an empty scope is somehow passed along, it shouldn't be validated
when checking refresh token scope.
2016-06-24 08:31:59 -07:00
Bobby Rullo
32a1994a5e refresh tokens: store and validate scopes.
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes
2016-06-14 14:14:36 -07:00
Bobby Rullo
e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00