Send scope when requesting access tokens (#1030)

Resolves: #1029
thephpleague · Dec 10, 2024 · 88cbeb7 · 88cbeb7
1 parent ba1b777
commit 88cbeb7
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # OAuth 2.0 Client Changelog
 
+## x.x.x
+
+* Send scopes with access token request [#1029](https://github.com/thephpleague/oauth2-client/issues/1029)
+
 ## 2.7.0
 
 _Released: 2023-04-16_

diff --git a/composer.json b/composer.json
@@ -6,6 +6,7 @@
         "sort-packages": true
     },
     "require": {
+        "ext-json": "*",
         "php": "^5.6 || ^7.0 || ^8.0",
         "guzzlehttp/guzzle": "^6.0 || ^7.0",
         "paragonie/random_compat": "^1 || ^2 || ^9.99"

diff --git a/src/Provider/AbstractProvider.php b/src/Provider/AbstractProvider.php
@@ -620,6 +620,15 @@ public function getAccessToken($grant, array $options = [])
     {
         $grant = $this->verifyGrant($grant);
 
+        if (empty($options['scope'])) {
+            $options['scope'] = $this->getDefaultScopes();
+        }
+
+        if (is_array($options['scope'])) {
+            $separator = $this->getScopeSeparator();
+            $options['scope'] = implode($separator, $options['scope']);
+        }
+
         $params = [
             'client_id'     => $this->clientId,
             'client_secret' => $this->clientSecret,
@@ -757,7 +766,7 @@ protected function parseJson($content)
      */
     protected function getContentType(ResponseInterface $response)
     {
-        return join(';', (array) $response->getHeader('content-type'));
+        return implode(';', $response->getHeader('content-type'));
     }
 
     /**

diff --git a/test/src/Grant/PasswordTest.php b/test/src/Grant/PasswordTest.php
@@ -20,7 +20,8 @@ protected function getParamExpectation()
             return !empty($body['grant_type'])
                 && $body['grant_type'] === 'password'
                 && !empty($body['username'])
-                && !empty($body['password']);
+                && !empty($body['password'])
+                && !empty($body['scope']);
         };
     }
 

diff --git a/test/src/Provider/AbstractProviderTest.php b/test/src/Provider/AbstractProviderTest.php
@@ -50,7 +50,7 @@ public function testInvalidGrantString()
     public function testInvalidGrantObject()
     {
         $this->expectException(InvalidGrantException::class);
-        $grant = new \StdClass();
+        $grant = new \stdClass();
         $this->getMockProvider()->getAccessToken($grant, ['invalid_parameter' => 'none']);
     }
 
@@ -628,7 +628,7 @@ public function testGetAccessToken($method)
             ->once()
             ->with(
                 ['client_id' => 'mock_client_id', 'client_secret' => 'mock_secret', 'redirect_uri' => 'none'],
-                ['code' => 'mock_authorization_code']
+                ['code' => 'mock_authorization_code', 'scope' => 'test']
             )
             ->andReturn([]);