From 06852a81ff76fdbed2cb2cf6919eecd52b483f5f Mon Sep 17 00:00:00 2001
From: Thanuja
Date: Sat, 28 Oct 2023 16:04:50 +0530
Subject: [PATCH] Fix SessionDataKeyConsent null issue
---
 .../DefaultOAuth2ScopeValidator.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java
index 651647f843..16386a61e1 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2ScopeValidator.java
@@ -95,6 +95,7 @@ public List validateScope(OAuthAuthzReqMessageContext authzReqMessageCon
 }
 List authorizedScopes = getAuthorizedScopes(requestedScopes, authzReqMessageContext
 .getAuthorizationReqDTO().getUser(), appId, null, tenantDomain);
+ handleInternalLoginScope(requestedScopes, authorizedScopes);
 removeRegisteredScopes(authzReqMessageContext);
 return authorizedScopes;
 }
@@ -129,7 +130,8 @@ public List validateScope(OAuthTokenReqMessageContext tokenReqMessageCon
 List authorizedScopes = getAuthorizedScopes(requestedScopes, tokenReqMessageContext
 .getAuthorizedUser(), appId, grantType, tenantDomain);
 removeRegisteredScopes(tokenReqMessageContext);
- if (OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) && authorizedScopes.contains(SYSTEM_SCOPE)) {
+ handleInternalLoginScope(requestedScopes, authorizedScopes);
+ if (OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType)) {
 authorizedScopes.remove(INTERNAL_LOGIN_SCOPE);
 }
 return authorizedScopes;
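Review bot: The added `handleInternalLoginScope(requestedScopes, authorizedScopes)` call puts `internal_login` into the result after `getAuthorizedScopes` has returned, so in this authorization-request overload the scope is decided by what the client asked for rather than by the authorization check. Going by the helper added at the end of the file, a request that carries only `SYSTEM_SCOPE` also receives `internal_login`. If that is deliberate, the call site should say so, e.g. `// internal_login is granted on request for backward compatibility and is not subject to getAuthorizedScopes()`, and a test for a user whose policy result excludes the scope would make the intent checkable; the diffstat lists no test file. The same call is added to the token-request overload in the next hunk, and validateScope starts above this hunk.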
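Review bot: For `client_credentials` the helper can add `internal_login` only for the very next statement to remove it, and the helper runs after `removeRegisteredScopes` here but before it in the authorization-request overload. Branching once states the intent directly: `if (OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType)) { authorizedScopes.remove(INTERNAL_LOGIN_SCOPE); } else { handleInternalLoginScope(requestedScopes, authorizedScopes); }`. Whether the position relative to `removeRegisteredScopes` changes the outcome cannot be seen from the hunk, but using the same order in both overloads removes the question. The method starts above the hunk and its closing brace is not shown.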
@@ -413,4 +415,18 @@ private String resolveOrgIdByTenantDomain(String tenantDomain) throws IdentityOA
 }
 }
+ /**
+ * This is to persist the previous behaviour with the "internal_login" scope.
+ *
+ * @param requestedScopes requested scopes.
+ * @param authorizedScopes authorized scopes.
+ */
+ private static void handleInternalLoginScope(List requestedScopes, List authorizedScopes) {
+
+ if ((requestedScopes.contains(SYSTEM_SCOPE) || requestedScopes.contains(INTERNAL_LOGIN_SCOPE))
+ && !authorizedScopes.contains(INTERNAL_LOGIN_SCOPE)) {
+ authorizedScopes.add(INTERNAL_LOGIN_SCOPE);
+ }
+ }
+
 }
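Review bot: The Javadoc on `handleInternalLoginScope` does not say what the "previous behaviour" was or that the method changes `authorizedScopes` in place, which matters because it grants a scope independently of the policy result computed by the callers. A more useful summary would be `Adds "internal_login" to authorizedScopes, in place, when the request asked for it or for the system scope, regardless of the authorization outcome.` The `@param` lines should also state that `authorizedScopes` must be a mutable list and that neither argument may be null, since `contains` and `add` are called on them without a check.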