update id

id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py

@@ -4,6 +4,7 @@ import authlib.oauth2 as oauth2
 import authlib.oauth2.rfc6749.requests as requests
 from authlib.common.security import generate_token
 from authlib.oauth2.rfc6750 import BearerTokenGenerator
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Response
 from aws_lambda_powertools.event_handler.exceptions import NotFoundError
 from aws_lambda_powertools.utilities.data_classes.api_gateway_proxy_event import (
@@ -19,13 +20,13 @@ from .requests import APIGatewayJsonRequest, APIGatewayOAuth2Request
 
 DYNAMODB_SORT_KEY = os.getenv('DYNAMODB_SORT_KEY')
 OAUTH2_SCOPES_SUPPORTED = os.getenv('OAUTH2_SCOPES_SUPPORTED')
-
-
 GRANT_TYPES_EXPIRES_IN = {
     'refresh_token': 600,
     'authorization_code': 600,
 }
 
+logger = Logger(__name__)
+
 
 class AuthorizationServer(oauth2.AuthorizationServer):
     def __init__(

id.saladeaula.digital/app/routes/authorize.py

@@ -1,4 +1,4 @@
-from http import HTTPStatus, client
+from http import HTTPStatus
 from http.cookies import SimpleCookie
 
 import jwt
@@ -33,13 +33,11 @@ def authorize():
             request=router.current_event,
             end_user=sub,
         )
-        req_scopes = set(scope_to_list(grant.request.payload.scope))
-        user_scopes = set(scope_to_list(session_scope)) if session_scope else set()
         client_scopes = set(scope_to_list(grant.client.scope))
+        user_scopes = set(scope_to_list(session_scope)) if session_scope else set()
 
-        if not req_scopes.issubset(
-            client_scopes
-            & (user_scopes | {'openid', 'email', 'profile', 'offline_access'})
+        if not client_scopes.issubset(
+            user_scopes | {'openid', 'email', 'profile', 'offline_access'}
         ):
             raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED)