Hi Team,
I am using OAuth2 with the below configuration:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA-generateAccessToken">
    <DisplayName>OA-generateAccessToken</DisplayName>
    <Scope>request.formparam.scope</Scope>
    <GrantType>request.formparam.grant_type</GrantType>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
</OAuthV2>
Here I am trying to get the scope as a form param, but it is not working and is giving me the below response.
I have added scope A B C as part of product configuration, and when I am not sending any scope as a form param it comes with all default scopes associated with the product, which is expected behaviour from APIGEE. Please find the screenshot below.
So my question is: why is it not picking my scope from the form param and appending it in the response as scope:"A"?
Is there anything wrong with my configuration or understanding?
I have added scope A B C as part of product configuration
In the API product configuration, I believe the scopes should be specified in the user interface as a comma-separated list. If you want three scopes, you need to use A,B,C. Then the client should ask for one or more of those scopes. This is what works for me.
Example request and output:
$ curl -i -u ${clientid}:${clientsecret} \
    $endpoint/oauth2-cc/token \
    -d 'grant_type=client_credentials&scope=Scope1'
HTTP/2 200
x-request-id: d3070d43-2034-4da9-8649-c0ba49aa0839
content-length: 186
date: Fri, 30 Sep 2022 18:08:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

{
  "token_type": "Bearer",
  "access_token": "GcXzD0LxIProSwODvSWy2PATQmk7",
  "scope": "Scope1",
  "grant_type": "client_credentials",
  "issued_at": 1664561300,
  "expires_in": 1799
}
My product looks like this:
$ curl -i -H "Authorization: Bearer $TOKEN" $gaambo/v1/organizations/$org/apiproducts/HelloWorld
HTTP/2 200
content-type: application/json; charset=UTF-8
date: Fri, 30 Sep 2022 18:13:24 GMT
cache-control: private
accept-ranges: none

{
  "name": "HelloWorld",
  "displayName": "HelloWorld",
  "approvalType": "auto",
  "attributes": [
    {
      "name": "access",
      "value": "public"
    }
  ],
  "description": "HelloWorld",
  "environments": [
    "eval"
  ],
  "scopes": [
    "Scope1",
    "Scope2"
  ],
  "createdAt": "1664561127674",
  "lastModifiedAt": "1664561127674",
  ...
}
Works for me, @dchiesa1. Thanks.
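An added example, not code from this thread or from Apigee: a Python check that compares a requested `scope` value with the `scopes` array of an API product (the JSON shape shown in the answer) and reports token scopes the client never asked for. The `SpaceSeparated` product, the function names and the sample token are constructed; that the UI stored "A B C" as a single entry, and that the token's `scope` field is space-delimited, are assumptions.

```python
import json

# Constructed samples: the HelloWorld product from the answer, and a
# hypothetical product whose scopes were typed as one space-separated entry.
PRODUCT_OK = json.loads('{"name": "HelloWorld", "scopes": ["Scope1", "Scope2"]}')
PRODUCT_BAD = json.loads('{"name": "SpaceSeparated", "scopes": ["A B C"]}')


def check_scopes(product, requested):
    """Compare the `scope` form parameter with a product's scopes array.

    `requested` is a space-delimited list of scope tokens (RFC 6749, 3.3).
    """
    configured = product.get("scopes", [])
    # A scope token cannot contain whitespace, so an entry like "A B C" can
    # never match a client request; it usually means a list was entered as
    # one item instead of comma-separated values.
    malformed = [s for s in configured if len(s.split()) != 1 or s != s.strip()]
    valid = set(configured) - set(malformed)
    wanted = requested.split()
    return {
        "product": product.get("name"),
        "malformed": malformed,
        "matched": [s for s in wanted if s in valid],
        "unmatched": [s for s in wanted if s not in valid],
    }


def over_granted(requested, token_response):
    """Return scopes present in the issued token that were not requested.

    Assumes the token response's `scope` field is space-delimited.
    """
    wanted = set(requested.split())
    granted = token_response.get("scope", "").split()
    return [s for s in granted if s not in wanted]


if __name__ == "__main__":
    print(check_scopes(PRODUCT_OK, "Scope1"))
    print(check_scopes(PRODUCT_BAD, "A"))
    # Constructed token: the client asked for A but received every default scope.
    print(over_granted("A", {"scope": "A B C"}))
```

A non-empty `over_granted` result means the token carries more privilege than the client asked for, which is worth alerting on in a deployment test.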