/* * In the user consent filter the scopes are (possible) set on the Request */ private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) { if (authReq.getClient().isSkipConsent()) { // return the scopes in the authentication request since the requested scopes are stored in // the // authorizationRequest. authReq.setGrantedScopes(authReq.getRequestedScopes()); } else { String[] scopes = (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES); if (!ArrayUtils.isEmpty(scopes)) { authReq.setGrantedScopes(Arrays.asList(scopes)); } else { authReq.setGrantedScopes(null); } } }