Comments (4)
For my purposes, I later realized I could send scope as 'read write' and have the same result as sending no scope. So this doesn't matter as much for me anymore.
I did find another similar issue on another oauth repo though, up to you what you want to do. mulesoft-labs/js-client-oauth2#98
from react-oauth2-pkce.
Is there any reason why you don't want this scope as part of the request? Feel free to elaborate your needs a bit more, and we'll look into it!
from react-oauth2-pkce.
I agree that this should be considered a bug. For most servers the current behaviour does not cause any issues, but I see no reason why we shouldn't adhere to the spec on this.
Will you look into a fix @sebastianvitterso? If not I can have a look in a few weeks' time. Also, for some badly implemented servers, empty string should be considered a valid value that will be sent from client.
from react-oauth2-pkce.
@soofstad in my case, I'm accessing a ForgeRock auth server that throws a 400 error when "scope" is in the request for the auth token. Is there any way to disable the scope parameter for only the auth token request, while leaving it in the auth code request?
I imagine this is an edge case, but please let me know if you have any suggestions.
from react-oauth2-pkce.
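An added example, not code from react-oauth2-pkce or from any commenter, of the parameter handling this thread discusses: `scope` is sent on the authorization request only when configured (an empty string is still sent), and it is left out of the authorization-code token exchange, whose parameters in RFC 6749 section 4.1.3 and RFC 7636 do not include `scope`. The function names and the `cfg` shape are hypothetical.

```javascript
// Hypothetical helpers for illustration; not the react-oauth2-pkce API.

// Add scope only when the caller configured one. undefined/null are
// omitted (avoids "scope=undefined"); '' is kept and sent as "scope=".
function withScope(params, scope) {
  if (scope !== undefined && scope !== null) params.set('scope', scope);
  return params;
}

// Authorization request (RFC 6749 4.1.1 + PKCE): scope is optional here.
function buildAuthorizationParams(cfg, codeChallenge, state) {
  const params = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    state,
  });
  return withScope(params, cfg.scope);
}

// Authorization-code exchange (RFC 6749 4.1.3 + RFC 7636 4.5):
// scope is not one of the defined parameters, so it is never added.
function buildCodeExchangeBody(cfg, code, codeVerifier) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: cfg.redirectUri,
    client_id: cfg.clientId,
    code_verifier: codeVerifier,
  });
}

// Refresh request (RFC 6749 section 6): scope is optional again.
function buildRefreshBody(cfg, refreshToken) {
  const params = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: cfg.clientId,
  });
  return withScope(params, cfg.scope);
}
```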