<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">If you mean structured scopes, the only place I’ve seen that is in the SMART project. We’re potentially removing that structure in 1.3 to simplify things since it’s not used much.<div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Nov 15, 2016, at 5:14 AM, William Hadden1 <<a href="mailto:WilHadden@uk.ibm.com" class="">WilHadden@uk.ibm.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt"><div dir="ltr" class="">That was exactly it, thanks!</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">While I'm here, do you have any examples of using structured data?</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">Thanks</div>
<div dir="ltr" class="">Wil</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class=""> </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" class="">----- Original message -----<br class="">From: Justin Richer <<a href="mailto:jricher@mit.edu" class="">jricher@mit.edu</a>><br class="">To: William Hadden1/UK/IBM@IBMGB<br class="">Cc: <a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">Subject: Re: [mitreid-connect] Problem creating a new scope<br class="">Date: Mon, Nov 14, 2016 6:57 PM<br class=""> <br class="">
Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.
<div class=""> </div>
<div class=""> — Justin</div>
<div class="">
<div class=""><blockquote type="cite" class=""><div class="">On Nov 15, 2016, at 12:27 AM, William Hadden1 <<a href="mailto:WilHadden@uk.ibm.com" target="_blank" class="">WilHadden@uk.ibm.com</a>> wrote:</div>
<div class=""><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" class="" >-->
<div dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" class=""><div dir="ltr" class="">Hi,</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">I am using version 1.2.6 with my own overlay.</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">I can create a new scope using postman, ala:</div>
<div dir="ltr" class=""><a href="http://localhost:9090/api/scopes" target="_blank" class=""><span class="">POST </span></a><a href="http://localhost:9090/api/scopes" target="_blank" class="">http://localhost:9090/api/scopes</a></div>
<div dir="ltr" class="">{<br class=""> "value": "REPORTING",<br class=""> "description": "Ability to edit and run reports",<br class=""> "icon": "user",<br class=""> "allowDynReg": true,<br class=""> "defaultScope": true,<br class=""> "structured": false,<br class=""> "structuredParamDescription": null,<br class=""> "structuredValue": null<br class="">}</div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class="">When I query the endpoint I can see it there</div>
<div dir="ltr" class=""><a href="http://localhost:9090/api/scopes" target="_blank" class=""><span class="">GET </span></a><a href="http://localhost:9090/api/scopes" target="_blank" class="">http://localhost:9090/api/scopes</a></div>
<div dir="ltr" class=""><div class=""><font face="Default Monospace,Courier New,Courier,monospace" size="2" class="">[{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]</font></div>
<div class=""> </div>
<div class="">Yet when I try to authorise I get an invalid scope error:</div>
<div class="">GET localhost:9090/authorize?client_id=client&redirect_uri=<a href="http://localhost:9090/simple-web-app/openid_connect_login&scope=REPORTING&response_type=code&state=1234" target="_blank" class="">http://localhost:9090/simple-web-app/openid_connect_login&scope=REPORTING&response_type=code&state=1234</a></div>
<div class=""> </div>
<div class=""><div class="">2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"</div>
<div class=""> </div>
<div class="">Which seems to state that only the original scopes are valid.</div>
<div class=""> </div>
<div class="">Am I missing something?</div>
<div class=""> </div>
<div class="">Thanks</div>
<div class="">WIl Hadden.</div></div>
<div class=""> </div></div>
<div dir="ltr" class=""> </div>
<div dir="ltr" class=""> </div></div>Unless stated otherwise above:<br class="">IBM United Kingdom Limited - Registered in England and Wales with number 741598.<br class="">Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br class=""><br class="">_______________________________________________<br class="">mitreid-connect mailing list<br class=""><a href="mailto:mitreid-connect@mit.edu" target="_blank" class="">mitreid-connect@mit.edu</a><br class=""><span class=""><a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank" class="">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></span></div></blockquote></div></div></blockquote>
<div dir="ltr" class=""> </div></div>Unless stated otherwise above:<br class="">
IBM United Kingdom Limited - Registered in England and Wales with number 741598. <br class="">
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br class="">
<br class="">
</div></blockquote></div><br class=""></div></body></html>