1 files changed, 5 insertions, 4 deletions

diff --git a/qvisqve/token_router.py b/qvisqve/token_router.py
index ea37065..4778063 100644
--- a/qvisqve/token_router.py
+++ b/qvisqve/token_router.py
@@ -26,10 +26,10 @@ import qvisqve_secrets
 
 class TokenRouter(qvisqve.Router):
 
-    def __init__(self, token_generator, clients, authz_attempts):
+    def __init__(self, token_generator, clients, users, authz_attempts):
         qvisqve.log.log('debug', msg_text='TokenRouter init starts')
         super().__init__()
-        args = (clients, token_generator, authz_attempts)
+        args = (users, clients, token_generator, authz_attempts)
         self._grants = {
             'client_credentials': ClientCredentialsGrant(*args),
             'authorization_code': AuthorizationCodeGrant(*args),
@@ -75,7 +75,8 @@ class TokenRouter(qvisqve.Router):
 
 class Grant:
 
-    def __init__(self, clients, generator, authz_attempts):
+    def __init__(self, users, clients, generator, authz_attempts):
+        self._users = users
         self._clients = clients
         self._generator = generator
         self._attempts = authz_attempts
@@ -141,7 +142,7 @@ class AuthorizationCodeGrant(Grant):
 
         subject_id = aa.get_subject_id()
         scope = aa.get_scope()
-        allowed = self._clients.get_allowed_scopes(client_id)
+        allowed = self._users.get_allowed_scopes(subject_id)
         scope = ' '.join(
             s
             for s in scope.split()