[mitreid-connect] Problem creating a new scope

Justin Richer jricher at mit.edu
Mon Nov 14 15:26:24 EST 2016


If you mean structured scopes, the only place I’ve seen that is in the SMART project. We’re potentially removing that structure in 1.3 to simplify things since it’s not used much.

 — Justin


> On Nov 15, 2016, at 5:14 AM, William Hadden1 <WilHadden at uk.ibm.com> wrote:
> 
> That was exactly it, thanks!
>  
> While I'm here, do you have any examples of using structured data?
>  
> Thanks
> Wil
>  
>  
> ----- Original message -----
> From: Justin Richer <jricher at mit.edu>
> To: William Hadden1/UK/IBM at IBMGB
> Cc: mitreid-connect at mit.edu
> Subject: Re: [mitreid-connect] Problem creating a new scope
> Date: Mon, Nov 14, 2016 6:57 PM
>  
> Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.
>  
>  — Justin
>  
>> On Nov 15, 2016, at 12:27 AM, William Hadden1 <WilHadden at uk.ibm.com> wrote:
>>  
>> Hi,
>>  
>> I am using version 1.2.6 with my own overlay.
>>  
>> I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.
>>  
>> I can create a new scope using postman, ala:
>> POST http://localhost:9090/api/scopes
>> {
>>     "value": "REPORTING",
>>     "description": "Ability to edit and run reports",
>>     "icon": "user",
>>     "allowDynReg": true,
>>     "defaultScope": true,
>>     "structured": false,
>>     "structuredParamDescription": null,
>>     "structuredValue": null
>> }
>>  
>> When I query the endpoint I can see it there
>> GET http://localhost:9090/api/scopes
>> [{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]
>>  
>> Yet when I try to authorise I get an invalid scope error:
>> GET localhost:9090/authorize?client_id=client&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login&scope=REPORTING&response_type=code&state=1234
>>  
>> 2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"
>>  
>> Which seems to state that only the original scopes are valid.
>>  
>> Am I missing something?
>>  
>> Thanks
>> Wil Hadden.
>>  
>>  
>>  
>> Unless stated otherwise above:
>> IBM United Kingdom Limited - Registered in England and Wales with number 741598.
>> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>> 
>  
> 
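
The distinction behind the error in this thread, as an added example that is not part of the original messages or of MITREid Connect's code: a scope can exist on the server and still be rejected because the requesting client is not registered for it. The function names are hypothetical, the sample data is constructed from the requests quoted above, and the client's registered scopes are assumed to be the list shown in the logged error.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample data, abbreviated from the requests quoted in the thread.
SYSTEM_SCOPES_JSON = (
    '[{"value":"openid"},{"value":"profile"},{"value":"email"},'
    '{"value":"address"},{"value":"phone"},{"value":"offline_access"},'
    '{"value":"REPORTING"}]'
)
# Assumption: the scope list in the logged error is the client's registered set.
CLIENT_SCOPES = "address phone openid email profile offline_access"
AUTHORIZE_URL = (
    "http://localhost:9090/authorize?client_id=client"
    "&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login"
    "&scope=REPORTING&response_type=code&state=1234"
)


def requested_scopes(authorize_url):
    """Extract the space-delimited scope parameter from an authorization URL."""
    query = parse_qs(urlsplit(authorize_url).query)
    return set(" ".join(query.get("scope", [])).split())


def classify(requested, system_scopes, client_scopes):
    """Sort each requested scope by why it would be accepted or rejected."""
    result = {"granted": [], "not_registered_for_client": [], "unknown_to_server": []}
    for scope in sorted(requested):
        if scope not in system_scopes:       # never created via /api/scopes
            result["unknown_to_server"].append(scope)
        elif scope not in client_scopes:     # exists, but this client lacks it
            result["not_registered_for_client"].append(scope)
        else:
            result["granted"].append(scope)
    return result


def diagnose(authorize_url, system_scopes_json, client_scope_string):
    """Compare a request against the server's scope list and the client's registration."""
    system = {s["value"] for s in json.loads(system_scopes_json)}
    client = set(client_scope_string.split())  # scope values are case-sensitive
    return classify(requested_scopes(authorize_url), system, client)


if __name__ == "__main__":
    print(diagnose(AUTHORIZE_URL, SYSTEM_SCOPES_JSON, CLIENT_SCOPES))
```
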
