improve ValidateAuthReqScopes

pkg/op/authrequest.go

@@ -111,20 +111,20 @@ func ValidateAuthReqScopes(client Client, scopes []string) ([]string, error) {
 	}
 	openID := false
 	for i := len(scopes) - 1; i >= 0; i-- {
-		switch scopes[i] {
+		scope := scopes[i]
-		case oidc.ScopeOpenID:
+		if scope == oidc.ScopeOpenID {
 			openID = true
-		case oidc.ScopeProfile,
+			continue
-			oidc.ScopeEmail,
+		}
-			oidc.ScopePhone,
+		if !(scope == oidc.ScopeProfile ||
-			oidc.ScopeAddress,
+			scope == oidc.ScopeEmail ||
-			oidc.ScopeOfflineAccess:
+			scope == oidc.ScopePhone ||
-		default:
+			scope == oidc.ScopeAddress ||
-			if !utils.Contains(client.AllowedScopes(), scopes[i]) {
+			scope == oidc.ScopeOfflineAccess) &&
-				scopes[i] = scopes[len(scopes)-1]
+			!utils.Contains(client.AllowedScopes(), scope) {
-				scopes[len(scopes)-1] = ""
+			scopes[i] = scopes[len(scopes)-1]
-				scopes = scopes[:len(scopes)-1]
+			scopes[len(scopes)-1] = ""
-			}
+			scopes = scopes[:len(scopes)-1]
 		}
 	}
 	if !openID {