api/oauth2/token.go

@@ -63,8 +63,8 @@ func POSTOauth2Token(c *gin.Context) {
 			if errPRT != nil {
 				c.JSON(http.StatusUnauthorized, gin.H{"error_parsing_refresh_token": errPRT})
 			} else if claims, ok := parsedRefreshToken.Claims.(*JWTPayload); ok {
-				accessTokenString, errAT := generateAccessToken(claims.UserUid, []string{}, iat)
-				refreshTokenString, errRT := generateRefreshToken(claims.UserUid, []string{}, iat)
+				accessTokenString, errAT := generateAccessToken(claims.UserUid, claims.Scopes, iat)
+				refreshTokenString, errRT := generateRefreshToken(claims.UserUid, claims.Scopes, iat)
 				if errRT != nil || errAT != nil {
 					c.JSON(http.StatusUnauthorized, gin.H{"error_access_token": errAT, "error_refresh_token": errRT})
 				} else {