logto/.changeset/green-parents-switch.md

---
"@logto/core": patch
---

## Bump oidc-provider version

Bump oidc-provider version to [v8.2.2](https://github.com/panva/node-oidc-provider/releases/tag/v8.2.2). This version fixes a bug that prevented the revoked scopes from being removed from the access token.

> Issued Access Tokens always only contain scopes that are defined on the respective Resource Server (returned from features.resourceIndicators.getResourceServerInfo).

If the scopes are revoked from the resource server, they should be removed from the newly granted access token. This is now fixed in the new version of oidc-provider.
chore(core): bump oidc version (#3941) * chore(core): bump oidc version bump oidc version * fix(core): fix userId not found bug fix userId in session not found bug 2023-06-01 03:20:08 -05:00			`---`
			`"@logto/core": patch`
			`---`

			`## Bump oidc-provider version`

			`Bump oidc-provider version to [v8.2.2](https://github.com/panva/node-oidc-provider/releases/tag/v8.2.2). This version fixes a bug that prevented the revoked scopes from being removed from the access token.`

			`> Issued Access Tokens always only contain scopes that are defined on the respective Resource Server (returned from features.resourceIndicators.getResourceServerInfo).`

			`If the scopes are revoked from the resource server, they should be removed from the newly granted access token. This is now fixed in the new version of oidc-provider.`