currently here is no option to specify scope that we would like to request for given access_token. Even scope specified in authState is not send with refresh request -> it's hardcoded as null.
my use-case would require accessing different endpoints with different access tokens which should be scoped
Can you see some solution, workaround for that?
seems to be officially supported by standard
https://tools.ietf.org/html/rfc6749#section-6
scope
OPTIONAL. The scope of the access request as described by
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
resource owner
related PRs that I've found so far:
initially authored by @WilliamDenniss - would that be ok for you to bring scopes back to token_refresh request (some additional checks if scope was initially requested might be needed to be in line with specs)
I'm happy to prepare PR with support for this case
Any ideas when this will be introduced?
Most helpful comment
related PRs that I've found so far:
initially authored by @WilliamDenniss - would that be ok for you to bring scopes back to token_refresh request (some additional checks if scope was initially requested might be needed to be in line with specs)
I'm happy to prepare PR with support for this case