Feb 26th, 2013, 08:02 AM
No scope response parameter in when using implicit grant
According to RFC 6749 Section 4.2.2, the scope response parameter is a required parameter if the granted scopes are different than those requested. However, looking at the AuthorizationEndpoint.appendAccessToken in the 1.0.1.RELEASE, the scope parameter is never appended to the redirect URL. Was this intentional?
Feb 27th, 2013, 03:08 AM
Probably not. If you want to fix it, feel free (follow process in README). Raise a ticket in JIRA in any case.