OASValidation to enforce scopes?

Hi community,

Can the OASValidation policy be used to enforce that a JWT access token (or introspection response) contains the specific scopes required in the OpenAPI spec? This would be a great and efficient way to enforce the presence of scopes, and it would avoid custom logic in proxies to enforce the presence of specific scopes for resources or operations.

paths:
  /users:
    get:
      summary: Get a list of users
      security:
        - OAuth2: [read]
security:
  - OAuth2:
      - read
      - write

I assume that this is not yet possible; the docs (https://docs.apigee.com/api-platform/reference/policies/oas-validation-policy) don't mention a word about scope validation.

Looking forward to your feedback!
@dchiesa1, maybe this is something you have more info about?

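For reference, here is what the check the post is asking OASValidation to perform actually involves. This is an added example written for this thread, not code from the original post and not an Apigee policy: it resolves the scopes an OpenAPI document requires for a given path and method (operation-level `security` overrides the document-level list, an absent operation-level key inherits it, and `security: []` disables it), then compares those scopes with the `scope` or `scp` claim of an already-verified token. The spec object and the token claims are constructed to mirror the snippet above; in a proxy the claims would come from whatever flow variables the token-verification policy exposes, which is an assumption about wiring, not something this code does.

```javascript
// Added example (not from the original post or from Apigee): resolve the scopes an
// OpenAPI document requires for one operation and compare them with the scopes
// carried in an OAuth2 access token, i.e. the check the post wants OASValidation to do.

// Constructed OpenAPI 3 document mirroring the snippet in the post. Operation-level
// `security` overrides the document-level requirement; an operation without a
// `security` key inherits the top-level one; `security: []` makes it public.
const spec = {
  openapi: "3.0.3",
  security: [{ OAuth2: ["read", "write"] }],
  paths: {
    "/users": {
      get: { security: [{ OAuth2: ["read"] }] },
      post: {},               // inherits the top-level requirement: read AND write
    },
    "/health": {
      get: { security: [] },  // explicitly public
    },
  },
};

// Return the list of alternative requirements for path+method (outer list is OR,
// each inner list is AND across every scheme in that requirement), or null when the
// operation is not in the spec. Unknown operations must not fall through as "no
// scopes required".
function requiredScopeSets(spec, path, method) {
  const op = spec.paths?.[path]?.[method.toLowerCase()];
  if (!op) return null;
  const sec = op.security !== undefined ? op.security : (spec.security || []);
  return sec.map((req) => Object.values(req).flat());
}

// Collect the token's granted scopes. RFC 6749 uses a space-separated string in
// `scope`; some issuers emit an array (often under `scp`). Accept both.
function tokenScopes(claims) {
  const raw = claims.scope ?? claims.scp ?? "";
  const list = Array.isArray(raw) ? raw : String(raw).split(/\s+/);
  return new Set(list.filter(Boolean));
}

// Authorization decision: allowed when the operation exists and either no requirement
// applies or at least one alternative is fully granted. On denial, return the scopes
// missing from the first alternative so the proxy can produce a useful 403 body.
function authorize(spec, path, method, claims) {
  const alternatives = requiredScopeSets(spec, path, method);
  if (alternatives === null) {
    return { allowed: false, missing: [], reason: "unknown operation" };
  }
  if (alternatives.length === 0) return { allowed: true, missing: [] };
  const granted = tokenScopes(claims);
  let firstMissing = null;
  for (const needed of alternatives) {
    const missing = needed.filter((s) => !granted.has(s));
    if (missing.length === 0) return { allowed: true, missing: [] };
    if (firstMissing === null) firstMissing = missing;
  }
  return { allowed: false, missing: firstMissing, reason: "insufficient scope" };
}

// Constructed token claims (already signature-verified upstream; this code does not
// verify JWTs, only compares scopes).
console.log(authorize(spec, "/users", "GET", { scope: "read" }));
console.log(authorize(spec, "/users", "POST", { scope: "read" }));
console.log(authorize(spec, "/health", "GET", {}));
```

The point the example makes for the question: the required-scope resolution is purely a function of the OpenAPI document, so a policy that already parses the spec for request validation has everything it needs to do this; only the comparison against the verified token's claims and the 403 response are left, which is the custom logic the post wants to avoid writing per proxy.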
1 REPLY

Verifying scopes through OAS validation would make life so much easier!