From 351bec6019fa5f169b0a6ea49183ad3533f20bf1 Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Mon, 29 Apr 2013 00:01:07 +0100
Subject: [PATCH] Don't associate a scope with a session, we associate it with an access token later
---
 src/OAuth2/Grant/AuthCode.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/OAuth2/Grant/AuthCode.php b/src/OAuth2/Grant/AuthCode.php
index 37c540bf..cee20e03 100644
--- a/src/OAuth2/Grant/AuthCode.php
+++ b/src/OAuth2/Grant/AuthCode.php
@@ -157,11 +157,11 @@ class AuthCode implements GrantTypeInterface {
 // Remove any old sessions the user might have
 $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
-
- // Associate scopes with the new session
+ // List of scopes IDs
+ $scopeIds = array();
 foreach ($authParams['scopes'] as $scope) {
- $this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
+ $scopeIds[] = $scope['id'];
 }
 // Create a new session
@@ -237,6 +237,14 @@ class AuthCode implements GrantTypeInterface {
 $accessTokenExpires, 'granted' );
+ // Associate scopes with the access token
+ if ( ! is_null($session['scope_ids'])) {
+ $scopeIds = explode(',', $session['scope_ids']);
+
+ foreach ($scopeIds as $scopeId) {
+ $this->authServer->getStorage('session')->associateScope($accessTokenId, $scopeId);
+ }
+ }
 $response = array( 'access_token' => $accessToken,
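Review bot: The new comment `// List of scopes IDs` does not say what the list is for, and `$scopeIds` is not consumed anywhere inside this hunk, so a reader cannot tell how the approved scopes travel from the authorisation request to the token. The second hunk reads them back from `$session['scope_ids']`, so I would document the hand-off here, e.g. `// Collect the approved scope IDs; they are stored with the session and attached to the access token when the code is exchanged`. The code that stores `$scopeIds` lies outside the hunk, so it is worth confirming that only scopes the user actually approved end up in this list, since it later decides what the token may do.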
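Review bot: The `is_null` guard on `$session['scope_ids']` lets an empty string through, and `explode(',', '')` returns an array holding one empty string, so a session saved with no scopes would reach `associateScope($accessTokenId, '')`. Whether the storage layer writes '' or NULL for an empty list is not visible here, so the guard is safer as `if (isset($session['scope_ids']) && $session['scope_ids'] !== '') {`, which also avoids an undefined-index notice when the column is missing. The call still goes through `getStorage('session')->associateScope()` but its first argument is now an access token ID rather than a session ID, so the storage interface docblock should state that. The enclosing method starts and ends outside the hunk.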