From bbc9bb5fa79e2622340255af3b06ee20edbaac73 Mon Sep 17 00:00:00 2001
From: Michael Gerdemann
Date: Fri, 28 Mar 2025 22:25:15 +0100
Subject: [PATCH] Remove default scope 'offline_access'

The scope offline_access is not always necessary or useful.
---
 Classes/OpenIdConnectClient.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Classes/OpenIdConnectClient.php b/Classes/OpenIdConnectClient.php
index 03ff11d..723be95 100644
--- a/Classes/OpenIdConnectClient.php
+++ b/Classes/OpenIdConnectClient.php
@@ -217,7 +217,7 @@ public function startAuthorization(UriInterface $returnToUri, string $scope): Ur
 throw new \RuntimeException(substr($returnArguments, 6));
 }
 $returnToUri = $returnToUri->withQuery(trim($returnToUri->getQuery() . '&' . OpenIdConnectToken::OIDC_PARAMETER_NAME . '=' . urlencode($returnArguments), '&'));
- $scope = trim(implode(' ', array_unique(array_merge(explode(' ', $scope), ['openid', 'offline_access']))));
+ $scope = trim(implode(' ', array_unique(array_merge(explode(' ', $scope), ['openid']))));
 if (empty($this->options['clientId']) || empty($this->options['clientSecret'])) {
 throw new \RuntimeException(sprintf('OpenID Connect Client: Authorization Code Flow requires "clientId" and "clientSecret" to be configured for service "%s".', $this->serviceName), 1596456168);