From a8fbacf462e0b93388a848ba4b59b9d4bec5a9a2 Mon Sep 17 00:00:00 2001
From: Ib Lundgren <ib.lundgren@gmail.com>
Date: Thu, 20 Jun 2013 14:53:42 +0100
Subject: Fix scope validation on refresh token grant.

---
 oauthlib/oauth2/rfc6749/grant_types/refresh_token.py | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

(limited to 'oauthlib/oauth2/rfc6749/grant_types')

diff --git a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
index 2a4bd20..9791e62 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
@@ -96,18 +96,4 @@ class RefreshTokenGrant(GrantTypeBase):
                       request.refresh_token, request.client)
             raise errors.InvalidGrantError(request=request)
 
-        # OPTIONAL. The scope of the access request as described by
-        # Section 3.3. The requested scope MUST NOT include any scope
-        # not originally granted by the resource owner, and if omitted is
-        # treated as equal to the scope originally granted by the
-        # resource owner.
-        if request.scopes:
-            log.debug('Ensuring refresh token %s has access to scopes %r.',
-                    request.refresh_token, request.scopes)
-        else:
-            log.debug('Reusing scopes from previous access token.')
-        if not self.request_validator.confirm_scopes(request.refresh_token,
-                request.scopes, request):
-            log.debug('Refresh token %s lack requested scopes, %r.',
-                      request.refresh_token, request.scopes)
-            raise errors.InvalidScopeError(state=request.state, request=request)
+        self.validate_scopes(request)
-- 
cgit v1.2.1