Appauth-android: Add option to specify scope for token refresh (or performActionWithFreshTokens)

Created on 5 Mar 2021  路  3Comments  路  Source: openid/AppAuth-Android

currently here is no option to specify scope that we would like to request for given access_token. Even scope specified in authState is not send with refresh request -> it's hardcoded as null.

my use-case would require accessing different endpoints with different access tokens which should be scoped

Can you see some solution, workaround for that?

enhancement

Most helpful comment

related PRs that I've found so far:

initially authored by @WilliamDenniss - would that be ok for you to bring scopes back to token_refresh request (some additional checks if scope was initially requested might be needed to be in line with specs)

I'm happy to prepare PR with support for this case

All 3 comments

seems to be officially supported by standard

https://tools.ietf.org/html/rfc6749#section-6

scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner

related PRs that I've found so far:

initially authored by @WilliamDenniss - would that be ok for you to bring scopes back to token_refresh request (some additional checks if scope was initially requested might be needed to be in line with specs)

I'm happy to prepare PR with support for this case

Any ideas when this will be introduced?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ratkins picture ratkins  路  3Comments

zamzterz picture zamzterz  路  6Comments

Jawnnypoo picture Jawnnypoo  路  3Comments

morphine9 picture morphine9  路  7Comments

hallerio picture hallerio  路  7Comments