From 38016c27abb7c984d3ded00452a63fd4d3a46e77 Mon Sep 17 00:00:00 2001
From: Kirill Kovalev
Date: Fri, 5 Jul 2024 23:29:25 +0300
Subject: [PATCH] Fix saving granted resource scopes in AuthorizationContext
---
 .../Authorization/AuthorizationRequestProcessor.cs | 6 +++++-
 .../Endpoints/Token/TokenAuthorizationContextEvaluator.cs | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Abblix.Oidc.Server/Endpoints/Authorization/AuthorizationRequestProcessor.cs b/Abblix.Oidc.Server/Endpoints/Authorization/AuthorizationRequestProcessor.cs
index 712b3a4..15414c9 100644
--- a/Abblix.Oidc.Server/Endpoints/Authorization/AuthorizationRequestProcessor.cs
+++ b/Abblix.Oidc.Server/Endpoints/Authorization/AuthorizationRequestProcessor.cs
@@ -149,7 +149,11 @@ public async Task ProcessAsync(ValidAuthorizationRequest
 var clientId = request.ClientInfo.ClientId;
 var grantedConsents = userConsents.Granted;
- var scopes = Array.ConvertAll(grantedConsents.Scopes, scope => scope.Scope);
+ var scopes = grantedConsents.Scopes
+ .Concat(grantedConsents.Resources.SelectMany(rd => rd.Scopes))
+ .Select(sd => sd.Scope)
+ .Distinct()
+ .ToArray();
 var resources = Array.ConvertAll(grantedConsents.Resources, resource => resource.Resource);
 var authContext = new AuthorizationContext(clientId, scopes, model.Claims)
 {
diff --git a/Abblix.Oidc.Server/Endpoints/Token/TokenAuthorizationContextEvaluator.cs b/Abblix.Oidc.Server/Endpoints/Token/TokenAuthorizationContextEvaluator.cs
index 384609f..6e5c0a4 100644
--- a/Abblix.Oidc.Server/Endpoints/Token/TokenAuthorizationContextEvaluator.cs
+++ b/Abblix.Oidc.Server/Endpoints/Token/TokenAuthorizationContextEvaluator.cs
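Review bot: The new `scopes` expression flattens every `rd.Scopes` from `grantedConsents.Resources` into the same array as the plain granted scopes, so the `AuthorizationContext` built just below no longer records which resource each scope was consented for. The visible part of `EvaluateAuthorizationContext` in the second file narrows only `resources` against the token request. Unless scopes are re-filtered per requested resource elsewhere, a scope consented for one resource could presumably end up in a token aimed at another, so that is worth confirming before relying on this list at issuance. At minimum I would document the assumption above the assignment, e.g. `// Resource scopes are merged into one flat list; token issuance must re-filter them against the resources actually requested.` `ProcessAsync` starts and ends outside this hunk.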
@@ -55,7 +55,9 @@ public AuthorizationContext EvaluateAuthorizationContext(ValidTokenRequest reque
 var resources = authContext.Resources;
 if (resources is { Length: > 0 } && request.Resources is { Length: > 0 })
 {
- resources = resources.Intersect(from rd in request.Resources select rd.Resource).ToArray();
+ resources = resources
+ .Intersect(from rd in request.Resources select rd.Resource)
+ .ToArray();
 }
 // Return a new authorization context updated with the determined scopes and resources.