Scopes asked by client
AurelienPillevesse opened this issue · comments
Aurélien Pillevesse commented
When we create a Client, we give him some scopes.
It seems that there is no checks to verify that scopes asked for a user and available for this client
I let you correct me if I'm wrong but during my tests, it seems that it's the case
Andrew Millington commented
The user should be presented with the scopes the client is asking for at the authorisation stage and approve or deny them then. that should be sufficient
Aurélien Pillevesse commented
Could be a good idea to add this verification to control everything is good no?
Andrew Millington commented
The end user should be acting as the verifier. There shouldn't need to be any automated solution for this.