fix scope check

This commit is contained in:
Konstantin Schaper
2020-11-05 11:27:11 +01:00
parent 7b24a4e95c
commit 4144e29599

View File

@@ -153,7 +153,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
@Override
public JwtAccessToken build() {
final Scope principalScope = SecurityUtils.getSubject().getPrincipals().oneByType(Scope.class);
if (principalScope != null) {
if (principalScope != null && !principalScope.isEmpty()) {
if (scope != null && !scope.isEmpty()) {
throw new AuthorizationException(String.format("cannot merge builder scope (%s) with principal scope (%s)", scope, principalScope));
}