Update changelog for #2622
This commit is contained in:
parent
b21500122d
commit
e0adae7436
|
@ -29,6 +29,19 @@ None
|
|||
2.0.14
|
||||
------
|
||||
|
||||
Empty scopes now rejected in OAuth2.0 grants
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Previously, it was possible to be granted an empty scope, or an automatic
|
||||
``openid`` scope when doing :ref:`OAuth2.0 Password Grant
|
||||
<resource-owner-password-grant>` or :ref:`Client Credentials Grant
|
||||
<client-credentials-grant>`.
|
||||
|
||||
Starting with *2.0.14*, empty scopes are no longer allowed (:rfc:`6749#section-3.3`).
|
||||
You need to either add a `scope` parameter to your request, or define a default
|
||||
scope in your Relying Party's :ref:`Scope Rules <oidcscoperules>`.
|
||||
|
||||
|
||||
Portal templates changes
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user