Include Requested Scopes in Webhook Requests (#3891)

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json

@@ -35,6 +35,11 @@
   },
   "request": {
     "client_id": "app-client",
+    "requested_scopes": [
+      "hydra.*",
+      "offline",
+      "openid"
+    ],
     "granted_scopes": [
       "offline",
       "openid",

oauth2/token_hook.go

@@ -31,6 +31,8 @@ type AccessRequestHook func(ctx context.Context, requester fosite.AccessRequeste
 type Request struct {
 	// ClientID is the identifier of the OAuth 2.0 client.
 	ClientID string `json:"client_id"`
+	// RequestedScopes is the list of scopes requested to the OAuth 2.0 client.
+	RequestedScopes []string `json:"requested_scopes"`
 	// GrantedScopes is the list of scopes granted to the OAuth 2.0 client.
 	GrantedScopes []string `json:"granted_scopes"`
 	// GrantedAudience is the list of audiences granted to the OAuth 2.0 client.
@@ -170,6 +172,7 @@ func TokenHook(reg interface {
 
 		request := Request{
 			ClientID:        requester.GetClient().GetID(),
+			RequestedScopes: requester.GetRequestedScopes(),
 			GrantedScopes:   requester.GetGrantedScopes(),
 			GrantedAudience: requester.GetGrantedAudience(),
 			GrantTypes:      requester.GetGrantTypes(),