<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >That was exactly it, thanks!</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >While I'm here, do you have any examples of using structured data?</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >Thanks</div>
<div dir="ltr" >Wil</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >&nbsp;</div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Justin Richer &lt;jricher@mit.edu&gt;<br>To: William Hadden1/UK/IBM@IBMGB<br>Cc: mitreid-connect@mit.edu<br>Subject: Re: [mitreid-connect] Problem creating a new scope<br>Date: Mon, Nov 14, 2016 6:57 PM<br>&nbsp;<br>
Is your client registered to use the scope you’ve created? The error that you’re getting is caused by a client asking for a scope that it’s not allowed to use. Not all clients get all scopes.
<div>&nbsp;</div>
<div>&nbsp;— Justin</div>
<div>&nbsp;
<div><blockquote type="cite" ><div>On Nov 15, 2016, at 12:27 AM, William Hadden1 &lt;<a href="mailto:WilHadden@uk.ibm.com" target="_blank" >WilHadden@uk.ibm.com</a>&gt; wrote:</div>&nbsp;

<div>
<div dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi,</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I am using version 1.2.6 with my own overlay.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I am experiencing an issue where I can successfully create a new scope through the admin API but when I try to authorise with it I get an error telling me that it's not valid. I can't tell if I'm doing something wrong or if there's a bug in the framework.</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >I can create a new scope using Postman, à la:</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" target="_blank" ><span>POST </span></a><a href="http://localhost:9090/api/scopes" target="_blank" >http://localhost:9090/api/scopes</a></div>
<div dir="ltr" >{<br>&nbsp;&nbsp;&nbsp; "value": "REPORTING",<br>&nbsp;&nbsp;&nbsp; "description": "Ability to edit and run reports",<br>&nbsp;&nbsp;&nbsp; "icon": "user",<br>&nbsp;&nbsp;&nbsp; "allowDynReg": true,<br>&nbsp;&nbsp;&nbsp; "defaultScope": true,<br>&nbsp;&nbsp;&nbsp; "structured": false,<br>&nbsp;&nbsp;&nbsp; "structuredParamDescription": null,<br>&nbsp;&nbsp;&nbsp; "structuredValue": null<br>}</div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >When I query the endpoint I can see it there</div>
<div dir="ltr" ><a href="http://localhost:9090/api/scopes" target="_blank" ><span>GET </span></a><a href="http://localhost:9090/api/scopes" target="_blank" >http://localhost:9090/api/scopes</a></div>
<div dir="ltr" ><div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >[{"id":1,"value":"openid","description":"log in using your identity","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":2,"value":"profile","description":"basic profile information","icon":"list-alt","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":3,"value":"email","description":"email address","icon":"envelope","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":4,"value":"address","description":"physical address","icon":"home","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":5,"value":"phone","description":"telephone number","icon":"bell","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":6,"value":"offline_access","description":"offline access","icon":"time","defaultScope":false,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null},{"id":7,"value":"REPORTING","description":"Ability to edit and run reports","icon":"user","defaultScope":true,"restricted":false,"structured":false,"structuredParamDescription":null,"structuredValue":null}]</font></div>
<div>&nbsp;</div>
<div>Yet when I try to authorise I get an invalid scope error:</div>
<div>GET localhost:9090/authorize?client_id=client&amp;redirect_uri=<a href="http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234" target="_blank" >http://localhost:9090/simple-web-app/openid_connect_login&amp;scope=REPORTING&amp;response_type=code&amp;state=1234</a></div>
<div>&nbsp;</div>
<div><div>2016-11-14 15:24:37 DEBUG ExceptionHandlerExceptionResolver:134 - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map&lt;java.lang.String, java.lang.Object&gt;,java.util.Map&lt;java.lang.String, java.lang.String&gt;,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: error="invalid_scope", error_description="Invalid scope; requested:[REPORTING]", scope="address phone openid email profile offline_access"</div>
<div>&nbsp;</div>
<div>Which seems to state that only the original scopes are valid.</div>
<div>&nbsp;</div>
<div>Am I missing something?</div>
<div>&nbsp;</div>
<div>Thanks</div>
<div>Wil Hadden.</div></div>
<div>&nbsp;</div></div>
<div dir="ltr" >&nbsp;</div>
<div dir="ltr" >&nbsp;</div></div>Unless stated otherwise above:<br>IBM United Kingdom Limited - Registered in England and Wales with number 741598.<br>Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<br><br>_______________________________________________<br>mitreid-connect mailing list<br><a href="mailto:mitreid-connect@mit.edu" target="_blank" >mitreid-connect@mit.edu</a><br><span><a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank" >http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></span></div></blockquote></div></div></blockquote>
<div dir="ltr" >&nbsp;</div></div>
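<div dir="ltr" >Added example (not part of the original thread and not MITREid Connect code): a small triage script for the <code>invalid_scope</code> log line quoted above, separating "scope is not defined on the server" from "scope is defined, but this client is not registered for it". It assumes the <code>scope="..."</code> field in the log lists the scopes the client may use and that several requested scopes would appear comma-separated; the function names and the shortened sample inputs are constructed for illustration.</div>

```python
import json
import re

# Constructed samples, shortened from the values quoted in the thread.
SYSTEM_SCOPES_JSON = ('[{"id":1,"value":"openid"},{"id":6,"value":"offline_access"},'
                      '{"id":7,"value":"REPORTING"}]')
LOG_LINE = ('error="invalid_scope", error_description="Invalid scope; '
            'requested:[REPORTING]", scope="address phone openid email profile offline_access"')

NOT_GRANTED = "defined on the server, but not in this client's registered scopes"
NOT_DEFINED = "not defined on the server"

# Assumed layout: requested:[a, b] followed by scope="space separated client scopes".
_ERR = re.compile(
    r'error="invalid_scope".*?requested:\[(?P<req>[^\]]*)\].*?scope="(?P<allowed>[^"]*)"'
)


def parse_invalid_scope(line):
    """Return (requested, allowed) scope sets from an invalid_scope log line, or None."""
    m = _ERR.search(line)
    if m is None:
        return None
    requested = {s.strip() for s in m.group("req").split(",") if s.strip()}
    allowed = set(m.group("allowed").split())
    return requested, allowed


def diagnose(line, system_scopes_json):
    """Map each rejected scope to the reason it was rejected."""
    parsed = parse_invalid_scope(line)
    if parsed is None:
        return {}
    requested, allowed = parsed
    # Scope values are compared case-sensitively, as in the thread (REPORTING).
    defined = {entry["value"] for entry in json.loads(system_scopes_json)}
    return {
        scope: NOT_GRANTED if scope in defined else NOT_DEFINED
        for scope in sorted(requested - allowed)
    }


if __name__ == "__main__":
    for scope, reason in diagnose(LOG_LINE, SYSTEM_SCOPES_JSON).items():
        print(f"{scope}: {reason}")
```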