Scope in OAuth2 Policy not getting appended in Response

Hi Team,

I am using OAuth2 with the below configuration:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA-generateAccessToken">
  <DisplayName>OA-generateAccessToken</DisplayName>
  <Scope>request.formparam.scope</Scope>
  <GrantType>request.formparam.grant_type</GrantType>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAccessToken</Operation>
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <GenerateResponse enabled="true"/>
</OAuthV2>

I am trying to get the scope as a form param, but it is not working and is giving me the below response.

[Screenshot: Screen Shot 2022-09-29 at 5.14.46 PM.png]

I have added scope A B C as part of the product configuration, and when I am not sending any scope as a form param, it comes with all the default scopes associated with the product, which is expected behaviour from APIGEE. Please find the screenshot below:

[Screenshot: Screen Shot 2022-09-29 at 5.20.34 PM.png]

So my question is: why is it not picking my scope from the form param and appending it in the response as scope:"A"?

Is there anything wrong with my configuration or understanding?

1 ACCEPTED SOLUTION

> I have added scope A B C as part of product configuration

In the API product configuration, I believe the scopes should be specified in the user interface as a comma-separated list. If you want three scopes, you need to use A,B,C. Then the client should ask for one or more of those scopes. This is what works for me.

Example request and output:

$ curl -i -u ${clientid}:${clientsecret} \
   $endpoint/oauth2-cc/token \
   -d 'grant_type=client_credentials&scope=Scope1'

HTTP/2 200 
x-request-id: d3070d43-2034-4da9-8649-c0ba49aa0839
content-length: 186
date: Fri, 30 Sep 2022 18:08:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{
  "token_type": "Bearer",
  "access_token": "GcXzD0LxIProSwODvSWy2PATQmk7",
  "scope": "Scope1",
  "grant_type": "client_credentials",
  "issued_at": 1664561300,
  "expires_in": 1799
}

My product looks like this:

$ curl -i -H "Authorization: Bearer $TOKEN"  $gaambo/v1/organizations/$org/apiproducts/HelloWorld
HTTP/2 200 
content-type: application/json; charset=UTF-8
date: Fri, 30 Sep 2022 18:13:24 GMT
cache-control: private
accept-ranges: none

{
  "name": "HelloWorld",
  "displayName": "HelloWorld",
  "approvalType": "auto",
  "attributes": [
    {
      "name": "access",
      "value": "public"
    }
  ],
  "description": "HelloWorld",
  "environments": [
    "eval"
  ],
  "scopes": [
    "Scope1",
    "Scope2"
  ],
  "createdAt": "1664561127674",
  "lastModifiedAt": "1664561127674",
  ...
}
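
An added example, not part of the original posts and not Apigee's own code: a Python check over product JSON of the shape shown above that flags scope entries containing whitespace, plus a simplified model of the grant. It assumes that scopes typed with spaces are stored as one scope string and that a requested scope is granted only when it exactly matches a product entry; `lint_product_scopes`, `granted_scope` and the sample products are constructed for illustration.

```python
import json

# Constructed samples: three scopes saved as ONE space-joined entry,
# next to the correctly split form.
BAD_PRODUCT = json.loads('{"name": "HelloWorld", "scopes": ["A B C"]}')
GOOD_PRODUCT = json.loads('{"name": "HelloWorld", "scopes": ["A", "B", "C"]}')


def lint_product_scopes(product):
    """Return warnings for scope entries that cannot match a requested scope."""
    warnings = []
    seen = set()
    for entry in product.get("scopes", []):
        if not entry or entry != entry.strip():
            warnings.append(f"{entry!r}: empty or padded with whitespace")
        elif any(ch.isspace() for ch in entry):
            # A scope request is space-delimited (RFC 6749 section 3.3), so an
            # entry containing a space can never equal one requested token.
            fixed = ",".join(entry.split())
            warnings.append(f"{entry!r}: contains whitespace; enter as {fixed}")
        if entry in seen:
            warnings.append(f"{entry!r}: duplicate")
        seen.add(entry)
    return warnings


def granted_scope(product, scope_param):
    """Assumed grant model: no scope requested -> all product scopes;
    otherwise only requested tokens that exactly match a product entry."""
    product_scopes = product.get("scopes", [])
    requested = (scope_param or "").split()
    if not requested:
        return " ".join(product_scopes)
    return " ".join(s for s in requested if s in product_scopes)


if __name__ == "__main__":
    for label, product in (("bad", BAD_PRODUCT), ("good", GOOD_PRODUCT)):
        print(label, "warnings:", lint_product_scopes(product))
        print(label, "scope=A  ->", repr(granted_scope(product, "A")))
        print(label, "no scope ->", repr(granted_scope(product, None)))
```

Under this model the misconfigured product reproduces both observations in the question: an empty scope when `scope=A` is requested, and the full default list when no scope is sent.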

 


2 REPLIES 2


Works for me, @dchiesa1. Thanks.