authorize: check scope when granting by default

This commit is contained in:
informatic 2020-05-30 23:09:38 +02:00
parent a5e1465c28
commit fa7912621d

View file

@ -124,6 +124,7 @@ def authorize():
if Token.query.filter(
Token.client_id == grant.client.client_id,
Token.user_id == current_user.get_user_id(),
Token.scope == grant.request.scope,
).count():
# User has unrevoked token already - grant by default
return authorization.create_authorization_response(grant_user=current_user)