Issue with OAuth 2.0 scope modification/addition during token generation


I am trying to add scopes to an access token generated using the client_credential flow, but the scopes are not getting added during token generation.

1. I have a product which has 3 scopes listed: [A B C].

2. During token generation, I don't have incoming scope values in the request; rather, I add it via an Assign Message policy as a query param.

<Set>
  <QueryParams>
    <QueryParam name="address">anonymous</QueryParam>
  </QueryParams>
</Set>

3. I refer to the same in the Scope XML tag of the generate OAuth token policy.

<Scope>request.queryparam.scope</Scope>

But every time the scope value is empty, and if I don't specify the value then all 3 scopes are populated from the product OAuth scope.

1 REPLY


You can specify scope as a query parameter in the token generation request; then step #2 is not required. And then step #3, <Scope>request.queryparam.scope</Scope>, should work fine.

Please go through this: http://docs.apigee.com/api-services/content/working-scopes#codeexamples

e.g.

curl -i -X POST -H 'content-type:application/x-www-form-urlencoded' 'http://myorg-test.apigee.net/oauth/token?grant_type=client_credentials&scope=A%20X'

It will generate an access token only with scope values that match the scopes specified in the Product. Without the requesting scope, Edge generates the token with all scopes from the Product that the app is registered with.
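A token-generation policy that takes the requested scope from the query string, as the reply describes. This is an added example, not code from the thread or from Apigee's samples; the policy name and the `ExpiresIn` value are assumptions. The flow variable `request.queryparam.scope` resolves only a query parameter that is literally named `scope`.

```xml
<!-- Added example. Policy name and expiry are hypothetical values. -->
<OAuthV2 name="GenerateAccessTokenClientCreds">
  <Operation>GenerateAccessToken</Operation>

  <!-- Token lifetime in milliseconds (30 minutes here, an assumed value) -->
  <ExpiresIn>1800000</ExpiresIn>

  <!-- Only the client credentials grant is accepted by this endpoint -->
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>

  <!-- Read the grant type from ?grant_type=... -->
  <GrantType>request.queryparam.grant_type</GrantType>

  <!-- Read the space-separated scope list from ?scope=...
       The issued token carries only the requested values that also
       appear in the Product's scope list; if the variable is empty,
       every Product scope is granted. -->
  <Scope>request.queryparam.scope</Scope>

  <GenerateResponse enabled="true"/>
</OAuthV2>
```

Because a request without a scope yields a token carrying every Product scope, clients that need a narrower token should always send the scope parameter and check the scope returned in the token response.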