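// validateScopes decides whether the scope requested in r may be granted.
//
// A request with no scope parameter is accepted: it returns (true, nil).
// Otherwise the only accepted value is adminScope on its own, and it is
// granted only when core.IsAdmin reports that the "username" form value
// belongs to an admin. Any other scope value returns (false, nil). An error
// from core.IsAdmin is returned together with false.
//
// NOTE(review): the subject is taken from the "username" form value and is
// not authenticated here. Presumably the caller has already verified the
// credentials for that username; confirm against the call site, since the
// admin decision is only as trustworthy as that value.
func validateScopes(core *roll.Core, r *http.Request) (bool, error) {
	scope := r.FormValue(oauth2Scope)

	// NOTE(review): scope is client-supplied and logged verbatim; confirm the
	// logger neutralises control characters so a request cannot forge log lines.
	log.Info("validating scope", scope)

	// No scope requested: nothing to authorise.
	if scope == "" {
		return true, nil
	}

	// strings.Fields returns an empty slice for a whitespace-only value, so
	// require exactly one field before indexing. Without the length check a
	// scope such as " " would panic on scopeParts[0]; rejecting it fails closed.
	scopeParts := strings.Fields(scope)
	if len(scopeParts) != 1 || scopeParts[0] != adminScope {
		log.Info("scope not allowed")
		return false, nil
	}

	// The admin scope is granted only to subjects the core recognises as admins.
	subject := r.FormValue("username")
	validAdmin, err := core.IsAdmin(subject)
	if err != nil {
		return false, err
	}

	return validAdmin, nil
}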