From de0a270f31f4527f94b55872a0db7afd82e4f002 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 9 Oct 2024 16:06:06 -0500
Subject: Pass the scope from the token, not application

There are at times when a token's scope could be attenuated for
whatever reason from the full scope allowed to the application. In
those instances, it is necessary to use the token's scope rather than
the full scope.
---
 gn2/wqflask/oauth2/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'gn2/wqflask/oauth2')

diff --git a/gn2/wqflask/oauth2/client.py b/gn2/wqflask/oauth2/client.py
index a7d20f6b..3ee1c36f 100644
--- a/gn2/wqflask/oauth2/client.py
+++ b/gn2/wqflask/oauth2/client.py
@@ -152,7 +152,7 @@ def oauth2_client():
         client = OAuth2Session(
             oauth2_clientid(),
             oauth2_clientsecret(),
-            scope=SCOPE,
+            scope=token["scope"],
             token_endpoint=urljoin(authserver_uri(), "auth/token"),
             token_endpoint_auth_method="client_secret_post",
             token=token,
-- 
cgit v1.2.3