Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

OAuth 2 tokens have duplicated scopes

Not applicable

If I have a developer app which has access to the products:

  • P1
    • Allowed OAuth Scopes: A, B, C
  • P2
    • Allowed OAuth Scopes: A, B

The resulting token has:

"scope": "A B A B C"

Does that make sense? Shouldn't the values be unique (i.e., "A B C")?

(Validation still works as expected, it's just that the tokens look "funny")

This is on OPDK 4.16.09.02

0 3 202
3 REPLIES 3
Top Solution Authors