From 351c2e97ea5367238e37a17cf9d90c11109e9afc Mon Sep 17 00:00:00 2001
From: Alex Bilbie
Date: Thu, 9 May 2013 10:06:26 -0700
Subject: [PATCH] If scope parameter is required and there are not requested scopes AND there is no default scope set then fail
Should have been included in with previous commit
---
 src/League/OAuth2/Server/Grant/ClientCredentials.php | 2 +-
 src/League/OAuth2/Server/Grant/Password.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/League/OAuth2/Server/Grant/ClientCredentials.php b/src/League/OAuth2/Server/Grant/ClientCredentials.php
index f0dfcf7f..ce5110df 100644
--- a/src/League/OAuth2/Server/Grant/ClientCredentials.php
+++ b/src/League/OAuth2/Server/Grant/ClientCredentials.php
@@ -122,7 +122,7 @@ class ClientCredentials implements GrantTypeInterface {
 if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
 }
- if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
+ if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
 } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
 $scopes = array($this->authServer->getDefaultScope());
diff --git a/src/League/OAuth2/Server/Grant/Password.php b/src/League/OAuth2/Server/Grant/Password.php
index e59f5ecf..da3b9f1e 100644
--- a/src/League/OAuth2/Server/Grant/Password.php
+++ b/src/League/OAuth2/Server/Grant/Password.php
@@ -166,7 +166,7 @@ class Password implements GrantTypeInterface {
 if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
 }
- if ($this->authServer->scopeParamRequired() === true && count($scopes) === 0) {
+ if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
 throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
 } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope()) {
 $scopes = array($this->authServer->getDefaultScope());
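Review bot: The new guard tests the default scope with `getDefaultScope() === null` while the `elseif` directly below tests it by truthiness, so the two branches are not complementary; the same pair appears in the ClientCredentials.php hunk at line 122. If the default scope is ever configured as an empty string or another falsy non-null value (getDefaultScope() is not visible here), a request with no scopes skips both branches and continues with an empty scope list even though the scope parameter is required. Reading the value once and applying one test in both places closes that gap: `$defaultScope = $this->authServer->getDefaultScope();`, then `if ($this->authServer->scopeParamRequired() === true && !$defaultScope && count($scopes) === 0) {` and `} elseif (count($scopes) === 0 && $defaultScope) {`. The enclosing method begins and ends outside the hunk, so how an empty `$scopes` is handled afterwards should be confirmed there.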