<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Yes it was structured scopes.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >Fair enough if it's getting removed I'll not look at it.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >Thanks.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >&nbsp;</div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Justin Richer &lt;jricher@mit.edu&gt;<br>To: William Hadden1/UK/IBM@IBMGB<br>Cc: mitreid-connect@mit.edu<br>Subject: Re: [mitreid-connect] Problem creating a new scope<br>Date: Mon, Nov 14, 2016 8:26 PM<br>&nbsp;<br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html charset=utf8" >-->If you mean structured scopes, the only place I’ve seen that is in the SMART project. We’re potentially removing that structure in 1.3 to simplify things since it’s not used much.
<div>&nbsp;</div>
<div>&nbsp;— Justin</div>
<div>&nbsp;</div>
<div>&nbsp;
<div><blockquote type="cite" ><div>On Nov 15, 2016, at 5:14 AM, William Hadden1 &lt;<a href="mailto:WilHadden@uk.ibm.com" target="_blank" >WilHadden@uk.ibm.com</a>&gt; wrote:</div>&nbsp;

<div><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" class="" >-->
<div dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >That was exactly it, thanks!</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >While I'm here, do you have any examples of using structured data?</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >Thanks</div>
<div dir="ltr" >Wil</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >&nbsp;</div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Justin Richer &lt;<a href="mailto:jricher@mit.edu" target="_blank" >jricher@mit.edu</a>&gt;<br>To: William Hadden1/UK/IBM@IBMGB<br>Cc: <a href="mailto:mitreid-connect@mit.edu" target="_blank" >mitreid-connect@mit.edu</a><br>Subject: Re: [mitreid-connect] Problem creating a new scope<br>Date: Mon, Nov 14, 2016 6:57 PM<br>&nbsp;<br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html charset=utf8" >-->Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.
<div>&nbsp;</div>
<div>&nbsp;— Justin</div>
<div>&nbsp;
<div><blockquote type="cite" ><div>On Nov 15, 2016, at 12:27 AM, William Hadden1 &lt;<a href="mailto:WilHadden@uk.ibm.com" target="_blank" >WilHadden@uk.ibm.com</a>&gt; wrote:</div>&nbsp;

<div><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" class="" >-->
<div dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi,</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I am using version 1.2.6 with my own overlay.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I can create a new scope using postman, ala:</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" target="_blank" ><span>POST </span></a><a href="http://localhost:9090/api/scopes" target="_blank" >http://localhost:9090/api/scopes</a></div>
<div dir="ltr" >{<br>&nbsp;&nbsp;&nbsp; "value": "REPORTING",<br>&nbsp;&nbsp;&nbsp; "description": "Ability to edit and run reports",<br>&nbsp;&nbsp;&nbsp; "icon": "user",<br>&nbsp;&nbsp;&nbsp; "allowDynReg": true,<br>&nbsp;&nbsp;&nbsp; "defaultScope": true,<br>&nbsp;&nbsp;&nbsp; "structured": false,<br>&nbsp;&nbsp;&nbsp; "structuredParamDescription": null,<br>&nbsp;&nbsp;&nbsp; "structuredValue": null<br>}</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >When I query the endpoint I can see it there</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" target="_blank" ><span>GET </span></a><a href="http://localhost:9090/api/scopes" target="_blank" >http://localhost:9090/api/scopes</a></div>
<div dir="ltr" ><div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >[{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]</font></div>
<div>&nbsp;</div>
<div>Yet when I try to authorise I get an invalid scope error:</div>
<div>GET localhost:9090/authorize?client_id=client&amp;redirect_uri=<a href="http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234" target="_blank" >http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234</a></div>
<div>&nbsp;</div>
<div><div>2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map&lt;java.lang.String, java.lang.Object&gt;,java.util.Map&lt;java.lang.String, java.lang.String&gt;,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"</div>
<div>&nbsp;</div>
<div>Which seems to state that only the original scopes are valid.</div>
<div>&nbsp;</div>
<div>Am I missing something?</div>
<div>&nbsp;</div>
<div>Thanks</div>
<div>WIl Hadden.</div></div>
<div>&nbsp;</div></div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >&nbsp;</div></div>Unless stated otherwise above:<br>IBM United Kingdom Limited - Registered in England and Wales with number 741598.<br>Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br><br>_______________________________________________<br>mitreid-connect mailing list<br><a href="mailto:mitreid-connect@mit.edu" target="_blank" >mitreid-connect@mit.edu</a><br><span><a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank" >http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></span></div></blockquote></div></div></blockquote>
<div dir="ltr" >&nbsp;</div></div>Unless stated otherwise above:<br>IBM United Kingdom Limited - Registered in England and Wales with number 741598.<br>Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br>&nbsp;</div></blockquote></div></div></blockquote>
<div dir="ltr" >&nbsp;</div></div>Unless stated otherwise above:<BR>
IBM United Kingdom Limited - Registered in England and Wales with number 741598. <BR>
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<BR>
<BR>