update t p

id.saladeaula.digital/app/routes/authorize.py

@@ -1,4 +1,3 @@
-from http import HTTPStatus
 from http.cookies import SimpleCookie
 
 import jwt
@@ -41,10 +40,9 @@ def authorize():
         client_scopes = set(scope_to_list(grant.client.scope))
         user_scopes = set(scope_to_list(session_scope)) if session_scope else set()
 
-        # Deny authorization if user has no scopes matching the client request
-        if not user_scopes & client_scopes:
-            raise ForbiddenError()
-            # raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED)
+        # Deny authorization if user lacks scopes requested by client
+        if not client_scopes.issubset(user_scopes):
+            raise ForbiddenError('Access denied')
 
         return server.create_authorization_response(
             request=router.current_event,