From 296c1cbb2b90b8c7b23e51637fef77263db3141b Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 17 Feb 2020 11:59:35 +0200
Subject: [PATCH] auth: db-oauth - Match scopes split by spaces

Allow the user in if there is at least one matching scope.
---
 src/auth/db-oauth2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 28bf03e0d4..046cb80f73 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -553,8 +553,11 @@ db_oauth2_token_in_scope(struct db_oauth2_request *req,
 			"oauth2: Token scope(s): %s",
 			value);
 		if (value != NULL) {
+			const char **wanted_scopes =
+				t_strsplit_spaces(req->db->set.scope, " ");
 			const char **scopes = t_strsplit_spaces(value, " ");
-			found = str_array_find(scopes, req->db->set.scope);
+			for (; !found && *wanted_scopes != NULL; wanted_scopes++)
+				found = str_array_find(scopes, *wanted_scopes);
 		}
 		if (!found) {
 			*error_r = t_strdup_printf("Token is not valid for scope '%s'",
-- 
2.47.3