How to provide description for OAuth 2.0 Scopes wi...

sudheendras · 10-03-2017 09:38 AM

I understand that scopes can be defined in the API Product. But I don't find any references to explaining those scopes with a human readable description (short description or icon etc.). How is this typically solved with the Apigee edge platform

zubermohammad

Hi, @sudheendra@apigee.com,

This is how I have approached this problem. I stored all the scopes and corresponding description and HTML in BaaS and fetched that on Consent page.

As per the specification, you could also use a human-readable string in scopes directly but you have to make sure that they are case sensitive. That is why they are preferred to be used as simple acronyms.

I would be happy to know any other options as well 🙂

Hope this helps

sudheendras

Thanks @Mohammed Zuber Using BaaS is an interesting solution. Just curious, are there any reasons why you did not use the custom attributes in API Products to store the scope description?

zubermohammad

Hi @Sudhee Sreedhara,

Using custom attributes is a viable solution, but it will be hardly coupled to that single product only. In some scenarios, we have to have the same API to be available in different products and that will make the scope management difficult if they were stored in custom attributes.

Another reason why I would not prefer custom attributes is, it is a key-value store. I can only store one type of information in custom attribute either a description or some HTML markup.

Whereas in BaaS we have the liberty to add as much information as we would like.

Hope this will be helpful. Regards.

How to provide description for OAuth 2.0 Scopes within Apigee?