Fix AuthenticateWithDeviceAsync() to flow the scopes attached to the …

…request model
openiddict · Sep 26, 2023 · 6adad83 · 6adad83
1 parent 1e7769c
commit 6adad83
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -2252,7 +2252,8 @@ public ValueTask HandleAsync(ProcessAuthenticationContext context)
                 string type => type
             };
 
-            if (context.Scopes.Count > 0)
+            if (context.Scopes.Count > 0 &&
+                context.TokenRequest.GrantType is not (GrantTypes.AuthorizationCode or GrantTypes.DeviceCode))
             {
                 // Note: the final OAuth 2.0 specification requires using a space as the scope separator.
                 // Clients that need to deal with older or non-compliant implementations can register

diff --git a/src/OpenIddict.Client/OpenIddictClientService.cs b/src/OpenIddict.Client/OpenIddictClientService.cs
@@ -522,6 +522,11 @@ public async ValueTask<DeviceAuthenticationResult> AuthenticateWithDeviceAsync(D
                             is Dictionary<string, OpenIddictParameter> parameters ? new(parameters) : new(),
                     };
 
+                    if (request.Scopes is { Count: > 0 })
+                    {
+                        context.Scopes.UnionWith(request.Scopes);
+                    }
+
                     if (request.Properties is { Count: > 0 })
                     {
                         foreach (var property in request.Properties)