MDL-71119 core_badges: Initialise scopes param in backpack-connect.php

The scopes parameter should be passed when creating the OAuth2 badges client. As it is an optional parameter, when it's empty, it will be initilised with the supported scopes for the backpack issuer. It will happen, for instance, when a call is done to oauth2callback.php because, as defined in RFC6749, OAuth2 authorization response only supports code and state.
dpalou · Apr 14, 2021 · c974a59 · c974a59
1 parent 511a87f
commit c974a59
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/badges/backpack-connect.php b/badges/backpack-connect.php
@@ -43,6 +43,10 @@
     $returnurl = new moodle_url('/badges/backpack-connect.php',
         ['action' => 'authorization', 'sesskey' => sesskey(), 'backpackid' => $backpackid]);
 
+    // If scope is not passed as parameter, use the issuer supported scopes.
+    if (empty($scope)) {
+        $scope = $issuer->get('scopessupported');
+    }
     $client = new core_badges\oauth2\client($issuer, $returnurl, $scope, $externalbackpack);
     if ($client) {
         if (!$client->is_logged_in()) {