mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
jubnl
5b44fe68b1
When a client requests scopes it is not permitted for, silently drop them rather than failing the entire authorization flow. The token is issued with only the intersection of requested and allowed scopes. Also fix /authorize/validate to always return HTTP 200 so the consent page can surface the actual error_description instead of a generic axios failure message.