Docs touch-up.

jazzband · Jan 30, 2022 · 5619752 · 5619752
1 parent 302c686
commit 5619752
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -33,6 +33,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   and want to retain the pre-2.x behavior, set `oidc_claim_scope = None` in your subclass of `OAuth2Validator`.
 * #1108 OIDC: Make the `access_token` available to `get_oidc_claims` when called from `get_userinfo_claims`.
 
+### Fixed
+* #1108 OIDC: Fix `validate_bearer_token()` to properly set `request.scopes` to the list of granted scopes.
 
 ## [1.7.0] 2022-01-23
 

diff --git a/docs/oidc.rst b/docs/oidc.rst
@@ -325,7 +325,8 @@ and defined the ``OAUTH2_PROVIDER["SCOPES"]`` in your settings in order for this
     you can use to decide what claims to put in to the ID token:
 
     * ``request.scopes`` - the list of granted scopes.
-    * ``request.claims`` - the requested claims per OIDC's `5.5 Requesting Claims using the "claims" Request Parameter`_
+    * ``request.claims`` - the requested claims per OIDC's `5.5 Requesting Claims using the "claims" Request Parameter`_.
+      These must be requested by the client when making an authorization request.
     * ``request.user`` - the `Django User`_ object.
 
 .. _5.4 Requesting Claims using Scope Values: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims