[mitreid-connect] Problem creating a new scope

Justin Richer jricher at mit.edu
Mon Nov 14 13:57:33 EST 2016


Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.

 — Justin

> On Nov 15, 2016, at 12:27 AM, William Hadden1 <WilHadden at uk.ibm.com> wrote:
> 
> Hi,
>  
> I am using version 1.2.6 with my own overlay.
>  
> I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.
>  
> I can create a new scope using postman, ala:
> POST http://localhost:9090/api/scopes
> {
>     "value": "REPORTING",
>     "description": "Ability to edit and run reports",
>     "icon": "user",
>     "allowDynReg": true,
>     "defaultScope": true,
>     "structured": false,
>     "structuredParamDescription": null,
>     "structuredValue": null
> }
>  
> When I query the endpoint I can see it there
> GET http://localhost:9090/api/scopes
> [{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]
>  
> Yet when I try to authorise I get an invalid scope error:
> GET localhost:9090/authorize?client_id=client&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login&scope=REPORTING&response_type=code&state=1234
>  
> 2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"
>  
> Which seems to state that only the original scopes are valid.
>  
> Am I missing something?
>  
> Thanks
> Wil Hadden.
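
The diagnosis in the reply above, worked through on the request and log line from the quoted message. This is an added example, not part of the original thread or of MITREid Connect's code. It assumes the scope="..." field of the invalid_scope error lists the scopes the client is registered for; the function and constant names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values taken from the thread: scope names returned by GET /api/scopes, the
# failing authorization request (http:// scheme added), and the log line's tail.
SERVER_SCOPES = {"openid", "profile", "email", "address", "phone",
                 "offline_access", "REPORTING"}
AUTHORIZE_URL = ("http://localhost:9090/authorize?client_id=client"
                 "&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login"
                 "&scope=REPORTING&response_type=code&state=1234")
LOG_TAIL = ('error="invalid_scope", error_description="Invalid scope; '
            'requested:[REPORTING]", scope="address phone openid email '
            'profile offline_access"')

def requested_scopes(authorize_url):
    """Scopes asked for in the authorization request (space-delimited)."""
    query = parse_qs(urlsplit(authorize_url).query)
    return set(" ".join(query.get("scope", [])).split())

def client_scopes_from_log(log_text):
    """Scopes listed in the error's scope="..." field (assumed to be the
    client's registered scopes). None if this is not an invalid_scope error."""
    if 'error="invalid_scope"' not in log_text:
        return None
    match = re.search(r'(?<!\w)scope="([^"]*)"', log_text)
    return set(match.group(1).split()) if match else None

def diagnose(authorize_url, log_text, server_scopes):
    """Classify each requested scope: ok, defined on the server but missing
    from the client registration, or not defined on the server at all."""
    allowed = client_scopes_from_log(log_text)
    if allowed is None:
        return {}
    result = {}
    for scope in sorted(requested_scopes(authorize_url)):
        if scope in allowed:
            result[scope] = "ok"
        elif scope in server_scopes:
            result[scope] = "defined on server, not registered for client"
        else:
            result[scope] = "not defined on server"
    return result

if __name__ == "__main__":
    for scope, verdict in diagnose(AUTHORIZE_URL, LOG_TAIL, SERVER_SCOPES).items():
        print(f"{scope}: {verdict}")
```
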
