mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 01:02:14 +00:00
3f8e69211f
Allows scope of OAuth2 ClientRegistration to be null. - The scope setting in the RFC document is defined as Optional. https://tools.ietf.org/html/rfc6749#section-4.1.1 > scope: OPTIONAL. > The scope of the access request as described by Section 3.3. - When the client omits the scope parameter, validation is determined by the authorization server. https://tools.ietf.org/html/rfc6749#section-3.3 > If the client omits the scope parameter when requesting authorization, the authorization server MUST either process the request using a pre-defined default value or fail the request indicating an invalid scope. The authorization server SHOULD document its scope requirements and default value (if defined). Fixes gh-5494