<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.<div class=""><br class=""></div><div class="">&nbsp;— Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Nov 15, 2016, at 12:27 AM, William Hadden1 &lt;<a href="mailto:WilHadden@uk.ibm.com" class="">WilHadden@uk.ibm.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt"><div dir="ltr" class="">Hi,</div>
<div dir="ltr" class="">&nbsp;</div>
<div dir="ltr" class="">I am using version 1.2.6 with my own overlay.</div>
<div dir="ltr" class="">&nbsp;</div>
<div dir="ltr" class="">I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.</div>
<div dir="ltr" class="">&nbsp;</div>
<div dir="ltr" class="">I can create a new scope using postman, ala:</div>
<div dir="ltr" class=""><a href="http://localhost:9090/api/scopes" class="">POST http://localhost:9090/api/scopes</a></div>
<div dir="ltr" class="">{<br class="">&nbsp;&nbsp;&nbsp; "value": "REPORTING",<br class="">&nbsp;&nbsp;&nbsp; "description": "Ability to edit and run reports",<br class="">&nbsp;&nbsp;&nbsp; "icon": "user",<br class="">&nbsp;&nbsp;&nbsp; "allowDynReg": true,<br class="">&nbsp;&nbsp;&nbsp; "defaultScope": true,<br class="">&nbsp;&nbsp;&nbsp; "structured": false,<br class="">&nbsp;&nbsp;&nbsp; "structuredParamDescription": null,<br class="">&nbsp;&nbsp;&nbsp; "structuredValue": null<br class="">}</div>
<div dir="ltr" class="">&nbsp;</div>
<div dir="ltr" class="">When I query the endpoint I can see it there</div>
<div dir="ltr" class=""><a href="http://localhost:9090/api/scopes" class="">GET http://localhost:9090/api/scopes</a></div>
<div dir="ltr" class=""><pre class="">[{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]</pre>
<div class="">&nbsp;</div>
<div class="">Yet when I try to authorise I get an invalid scope error:</div>
<div class="">GET localhost:9090/authorize?client_id=client&amp;redirect_uri=<a href="http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234" class="">http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234</a></div>
<div class="">&nbsp;</div>
<div class=""><div class="">2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map&lt;java.lang.String, java.lang.Object&gt;,java.util.Map&lt;java.lang.String, java.lang.String&gt;,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"</div>
<div class="">&nbsp;</div>
<div class="">Which seems to state that only the original scopes are valid.</div>
<div class="">&nbsp;</div>
<div class="">Am I missing something?</div>
<div class="">&nbsp;</div>
<div class="">Thanks</div>
<div class="">Wil Hadden.</div></div>
<div class="">&nbsp;</div></div>
<div dir="ltr" class="">&nbsp;</div>
<div dir="ltr" class="">&nbsp;</div></div>Unless stated otherwise above:<br class="">
IBM United Kingdom Limited - Registered in England and Wales with number 741598. <br class="">
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br class="">
<br class="">

_______________________________________________<br class="">mitreid-connect mailing list<br class=""><a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">http://mailman.mit.edu/mailman/listinfo/mitreid-connect<br class=""></div></blockquote></div><br class=""></div></body></html>
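The two-level check described in the reply (a scope must exist on the server and also be registered to the requesting client), modelled offline as an added example; this is not MITREid Connect or Spring Security code. The client record is constructed, and it assumes the client's registered scopes are the ones listed in the scope="..." field of the logged error.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Scope values from the GET /api/scopes response in the thread (other fields trimmed).
SYSTEM_SCOPES = json.loads(
    '[{"id":1,"value":"openid"},{"id":2,"value":"profile"},{"id":3,"value":"email"},'
    '{"id":4,"value":"address"},{"id":5,"value":"phone"},'
    '{"id":6,"value":"offline_access"},{"id":7,"value":"REPORTING"}]')

# Constructed client record (assumption): scopes copied from the error's scope="..." field.
CLIENT = {"clientId": "client",
          "scope": ["address", "phone", "openid", "email", "profile", "offline_access"]}

# Authorization request from the thread; the http:// scheme is added here.
AUTHZ_URL = ("http://localhost:9090/authorize?client_id=client"
             "&redirect_uri=http://localhost:9090/simple-web-app/openid_connect_login"
             "&scope=REPORTING&response_type=code&state=1234")


def requested_scopes(url):
    """Return the space-delimited scope parameter of the request as a set."""
    params = parse_qs(urlsplit(url).query)
    return set(" ".join(params.get("scope", [])).split())


def check_scopes(url, client, system_scopes):
    """Sort each requested scope into allowed / not registered / undefined."""
    defined = {s["value"] for s in system_scopes}
    registered = set(client["scope"])
    result = {"allowed": [], "not_registered_to_client": [], "undefined_on_server": []}
    for scope in sorted(requested_scopes(url)):
        if scope not in defined:
            result["undefined_on_server"].append(scope)
        elif scope not in registered:
            result["not_registered_to_client"].append(scope)
        else:
            result["allowed"].append(scope)
    rejected = result["not_registered_to_client"] + result["undefined_on_server"]
    result["error"] = "invalid_scope" if rejected else None
    return result


def with_scope(client, scope):
    """Return a copy of the client record with one more registered scope."""
    return {**client, "scope": sorted(set(client["scope"]) | {scope})}


if __name__ == "__main__":
    print(check_scopes(AUTHZ_URL, CLIENT, SYSTEM_SCOPES))
    print(check_scopes(AUTHZ_URL, with_scope(CLIENT, "REPORTING"), SYSTEM_SCOPES))
```
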