From 49de2eb76f5cfa12671df9894d79e0eab2932046 Mon Sep 17 00:00:00 2001
From: Yonatan Kalman
Date: Fri, 14 Aug 2020 12:57:02 +0200
Subject: [PATCH] Remove scope validation

Remove scope validation when saving token in auth code grant type. Fixes #631
---
 lib/grant-types/authorization-code-grant-type.js | 3 +--
 test/unit/grant-types/authorization-code-grant-type_test.js | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/grant-types/authorization-code-grant-type.js b/lib/grant-types/authorization-code-grant-type.js
index 7eae70f8f..1d4faa594 100644
--- a/lib/grant-types/authorization-code-grant-type.js
+++ b/lib/grant-types/authorization-code-grant-type.js
@@ -176,7 +176,6 @@ AuthorizationCodeGrantType.prototype.revokeAuthorizationCode = function(code) {

 AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authorizationCode, scope) {
 var fns = [
- this.validateScope(user, client, scope),
 this.generateAccessToken(client, user, scope),
 this.generateRefreshToken(client, user, scope),
 this.getAccessTokenExpiresAt(),
@@ -185,7 +184,7 @@ AuthorizationCodeGrantType.prototype.saveToken = function(user, client, authoriz

 return Promise.all(fns)
 .bind(this)
- .spread(function(scope, accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) {
+ .spread(function(accessToken, refreshToken, accessTokenExpiresAt, refreshTokenExpiresAt) {
 var token = {
 accessToken: accessToken,
 authorizationCode: authorizationCode,
diff --git a/test/unit/grant-types/authorization-code-grant-type_test.js b/test/unit/grant-types/authorization-code-grant-type_test.js
index 480416e68..adbcb0df9 100644
--- a/test/unit/grant-types/authorization-code-grant-type_test.js
+++ b/test/unit/grant-types/authorization-code-grant-type_test.js
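Review bot: In `saveToken`, once `this.validateScope(...)` is gone from `fns` and `scope` is dropped from the `.spread` parameters (second hunk), any use of `scope` inside the callback resolves to the caller-supplied argument instead of the validator's return value. The issued token's scope is then only as trustworthy as the scope bound to the authorization code, and whether that scope was validated when the code was issued is not visible in this patch. If it was, record that at the call site, for example above `var fns = [` add `// scope comes from the stored authorization code and was validated at authorization time; intentionally not re-validated here`. The function body continues past both hunks, so the line where the token object receives its scope is not shown.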
@@ -83,6 +83,7 @@ describe('AuthorizationCodeGrantType', function() {
 model.saveToken.firstCall.args[1].should.equal(client);
 model.saveToken.firstCall.args[2].should.equal(user);
 model.saveToken.firstCall.thisValue.should.equal(model);
+ handler.validateScope.callCount.should.equal(0);
 })
 .catch(should.fail);
 });
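Review bot: The added `handler.validateScope.callCount.should.equal(0);` pins only that the validator is skipped; nothing in this hunk asserts which scope reaches `model.saveToken`, which is the property that matters once validation is removed. If the token object passed as `args[0]` carries a scope field (not visible here), add an assertion next to the new line that it equals the scope given to `saveToken`, e.g. `model.saveToken.firstCall.args[0].scope.should.equal(<scope passed to saveToken>);`. The test body starts before the hunk, so the stub setup and the call under test are outside this view.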