From 252cb25b5e4d93e186a70a3c6c8177b530e5351e Mon Sep 17 00:00:00 2001
From: Chuan Ma
Date: Sun, 28 Apr 2013 19:11:48 -0400
Subject: [PATCH] When granting an access token, its scope should honor the scope specified in the request instead of the stored default scope
---
 lib/OAuth2/OAuth2.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/OAuth2/OAuth2.php b/lib/OAuth2/OAuth2.php
index 5898732..f61a633 100644
--- a/lib/OAuth2/OAuth2.php
+++ b/lib/OAuth2/OAuth2.php
@@ -723,7 +723,12 @@ public function grantAccessToken(Request $request = NULL) {
 throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
 }
- $token = $this->createAccessToken($client, $stored['data'], $stored['scope']);
+ // grant all possible scopes if the request doesn't pass in a scope value.
+ if (!$input['scope']) {
+ $input['scope'] = $stored['scope'];
+ }
+
+ $token = $this->createAccessToken($client, $stored['data'], $input['scope']);
 return new Response(json_encode($token), 200, $this->getJsonHeaders());
 }
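Review bot: Nothing visible in this hunk ties the client-supplied `$input['scope']` to `$stored['scope']` before it is passed to `createAccessToken()`; the only protection is the guard ending in the `ERROR_INVALID_SCOPE` throw at the top of the hunk, and its condition starts outside the hunk. If that guard does not require the requested scope to be a subset of the stored scope for every grant type handled by `grantAccessToken()`, a client could receive a token broader than what was originally authorised, so this is worth confirming and pinning with a test that requests a scope outside the stored one and expects the 400 response. Separately, `!$input['scope']` is a truthiness test, so a scope value of `'0'` is treated as absent and silently widened to the full stored scope; `if (!isset($input['scope']) || $input['scope'] === '') {` states the intent more exactly. The comment could also say that the fallback is the scope stored for this grant, e.g. `// No scope requested: fall back to the scope stored for this grant.`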