Scope param added to a bearer token response

src/ResponseTypes/BearerTokenResponse.php

@@ -13,6 +13,7 @@
 
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use Psr\Http\Message\ResponseInterface;
 
 class BearerTokenResponse extends AbstractResponseType
@@ -30,6 +31,11 @@ public function generateHttpResponse(ResponseInterface $response)
             'token_type'   => 'Bearer',
             'expires_in'   => $expireDateTime - (new \DateTime())->getTimestamp(),
             'access_token' => (string) $jwtAccessToken,
+            'scope' => implode(" ", array_map(
+                function (ScopeEntityInterface $scopeEntity) {
+                    return $scopeEntity->getIdentifier();
+                }, $this->accessToken->getScopes()
+            ))
         ];
 
         if ($this->refreshToken instanceof RefreshTokenEntityInterface) {

tests/ResponseTypes/BearerResponseTypeTest.php

@@ -28,14 +28,17 @@ public function testGenerateHttpResponse()
         $client = new ClientEntity();
         $client->setIdentifier('clientName');
 
-        $scope = new ScopeEntity();
-        $scope->setIdentifier('basic');
+        $scope1 = new ScopeEntity();
+        $scope1->setIdentifier('basic1');
+        $scope2 = new ScopeEntity();
+        $scope2->setIdentifier('basic2');
 
         $accessToken = new AccessTokenEntity();
         $accessToken->setIdentifier('abcdef');
         $accessToken->setExpiryDateTime((new \DateTime())->add(new \DateInterval('PT1H')));
         $accessToken->setClient($client);
-        $accessToken->addScope($scope);
+        $accessToken->addScope($scope1);
+        $accessToken->addScope($scope2);
 
         $refreshToken = new RefreshTokenEntity();
         $refreshToken->setIdentifier('abcdef');
@@ -59,6 +62,9 @@ public function testGenerateHttpResponse()
         $this->assertTrue(isset($json->expires_in));
         $this->assertTrue(isset($json->access_token));
         $this->assertTrue(isset($json->refresh_token));
+
+        $this->assertTrue(isset($json->scope));
+        $this->assertEquals('basic1 basic2', $json->scope);
     }
 
     public function testGenerateHttpResponseWithExtraParams()
@@ -72,14 +78,17 @@ public function testGenerateHttpResponseWithExtraParams()
         $client = new ClientEntity();
         $client->setIdentifier('clientName');
 
-        $scope = new ScopeEntity();
-        $scope->setIdentifier('basic');
+        $scope1 = new ScopeEntity();
+        $scope1->setIdentifier('basic1');
+        $scope2 = new ScopeEntity();
+        $scope2->setIdentifier('basic2');
 
         $accessToken = new AccessTokenEntity();
         $accessToken->setIdentifier('abcdef');
         $accessToken->setExpiryDateTime((new \DateTime())->add(new \DateInterval('PT1H')));
         $accessToken->setClient($client);
-        $accessToken->addScope($scope);
+        $accessToken->addScope($scope1);
+        $accessToken->addScope($scope2);
 
         $refreshToken = new RefreshTokenEntity();
         $refreshToken->setIdentifier('abcdef');
@@ -104,6 +113,9 @@ public function testGenerateHttpResponseWithExtraParams()
         $this->assertTrue(isset($json->access_token));
         $this->assertTrue(isset($json->refresh_token));
 
+        $this->assertTrue(isset($json->scope));
+        $this->assertEquals('basic1 basic2', $json->scope);
+
         $this->assertTrue(isset($json->foo));
         $this->assertEquals('bar', $json->foo);
     }