You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Try to refresh a token sending the scope field with strings separated by +. The users of the API just tried to use the same format they used on issuing a token (authorization_code grant).
Expected behavior
It refreshes the access token like when sending scopes separated by space.
Actual behavior
It returns a 401 with:
{
"error": "invalid_scope",
"error_description": "O escopo requisitado é inválido, desconhecido ou malformado."
}
System configuration
Doorkeeper initializer:
# config/initializers/doorkeeper.rbDoorkeeper.configuredooptional_scopesSCOPESnative_redirect_uriURISuse_refresh_tokengrant_flows%w(authorization_code)skip_authorizationdo |_,client|
client.scopes.include?("mobile")endend# just injects some stuff in the responseDoorkeeper::OAuth::TokenResponse.send:prepend,Doorkeeper::CustomTokenResponse
Steps to reproduce
Try to refresh a token sending the scope field with strings separated by
+
. The users of the API just tried to use the same format they used on issuing a token (authorization_code
grant).Expected behavior
It refreshes the access token like when sending scopes separated by space.
Actual behavior
It returns a 401 with:
System configuration
Doorkeeper initializer:
Ruby version:
2.6.10
Gemfile.lock:
Gemfile.lock content
The text was updated successfully, but these errors were encountered: