@Override public ServerAuthorizationCodeGrant createCodeGrant(final AuthorizationCodeRegistration acr) throws OAuthServiceException { grant = new ServerAuthorizationCodeGrant(client, 3600L); grant.setRedirectUri(acr.getRedirectUri()); grant.setSubject(acr.getSubject()); final List<String> scope = acr.getApprovedScope().isEmpty() ? acr.getRequestedScope() : acr.getApprovedScope(); grant.setApprovedScopes(scope); return grant; }