<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi,</div>
<div dir="ltr" > </div>
<div dir="ltr" >I am using version 1.2.6 with my own overlay.</div>
<div dir="ltr" > </div>
<div dir="ltr" >I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.</div>
<div dir="ltr" > </div>
<div dir="ltr" >I can create a new scope using postman, ala:</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" >POST http://localhost:9090/api/scopes</a></div>
<div dir="ltr" >{<br> "value": "REPORTING",<br> "description": "Ability to edit and run reports",<br> "icon": "user",<br> "allowDynReg": true,<br> "defaultScope": true,<br> "structured": false,<br> "structuredParamDescription": null,<br> "structuredValue": null<br>}</div>
<div dir="ltr" > </div>
<div dir="ltr" >When I query the endpoint I can see it there</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" >GET http://localhost:9090/api/scopes</a></div>
<div dir="ltr" ><pre>[{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]</pre>
<div> </div>
<div>Yet when I try to authorise I get an invalid scope error:</div>
<div>GET localhost:9090/authorize?client_id=client&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login&scope=REPORTING&response_type=code&state=1234</div>
<div> </div>
<div><div>2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"</div>
<div> </div>
<div>Which seems to state that only the original scopes are valid.</div>
<div> </div>
<div>Am I missing something?</div>
<div> </div>
<div>Thanks</div>
<div>WIl Hadden.</div></div>
<div> </div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div></div>Unless stated otherwise above:<BR>
IBM United Kingdom Limited - Registered in England and Wales with number 741598. <BR>
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<BR>
<BR>