Question

OAuth2 Scope management API support in Asgardeo

  • 28 April 2022

Hi,

I am trying to use the OAuth2 scope management API[1] in Asgardeo but it doesn’t work. It gives the following error message.

 

GET https://api.asgardeo.io/t/ajan/api/identity/oauth2/v1/scopes: {
  "Network": {
    "addresses": {
      "local": {
        "address": "192.168.0.13",
        "family": "IPv4",
        "port": 57442
      },
      "remote": {
        "address": "13.107.246.69",
        "family": "IPv4",
        "port": 443
      }
    },
    "tls": {
      "reused": false,
      "authorized": true,
      "authorizationError": null,
      "cipher": {
        "name": "ECDHE-RSA-AES256-GCM-SHA384",
        "standardName": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "version": "TLSv1/SSLv3"
      },
      "protocol": "TLSv1.2",
      "ephemeralKeyInfo": {},
      "peerCertificate": {
        "subject": {
          "country": "US",
          "stateOrProvince": "Washington",
          "locality": "Redmond",
          "organization": "Microsoft Corporation",
          "commonName": "api.asgardeo.io",
          "alternativeNames": "DNS:api.asgardeo.io"
        },
        "issuer": {
          "country": "US",
          "organization": "DigiCert Inc",
          "commonName": "DigiCert TLS RSA SHA256 2020 CA1"
        },
        "validFrom": "Aug 11 00:00:00 2021 GMT",
        "validTo": "Aug 11 23:59:59 2022 GMT",
        "fingerprint": "51:F4:63:9A:C3:93:46:34:6A:87:13:4A:6F:96:DA:9B:99:A1:4C:4A",
        "serialNumber": "073060d2b717e52cc795deb8d9ecd112"
      }
    }
  },
  "Request Headers": {
    "authorization": "Bearer cfaee344-a66c-3a7c-a225-5f7425a8740a",
    "user-agent": "PostmanRuntime/7.28.4",
    "accept": "*/*",
    "postman-token": "bbc08820-0ad0-4507-88ed-b79f0ccf9999",
    "host": "api.asgardeo.io",
    "accept-encoding": "gzip, deflate, br",
    "connection": "keep-alive",
    "cookie": "paf=1651006673.058.41.450953|71acb898e1e9604d7bd8c41e308eb24e"
  },
  "Response Headers": {
    "content-length": "271",
    "content-type": "application/json;charset=UTF-8",
    "www-authenticate": "realm user=\"\"",
    "x-asgardeo-traceid": "0r71qYgAAAABFG6Wx+Z2ITIrG3U6c0zGYU0pDRURHRTA1MTAAOGM1ZTczZjQtNmZhZi00MzQ1LTg4YmYtYjEwZjBmODk1MGM3",
    "strict-transport-security": "max-age=15724800; includeSubDomains",
    "x-cache": "CONFIG_NOCACHE",
    "x-azure-ref": "0r71qYgAAAABFG6Wx+Z2ITIrG3U6c0zGYU0pDRURHRTA1MTAAOGM1ZTczZjQtNmZhZi00MzQ1LTg4YmYtYjEwZjBmODk1MGM3",
    "date": "Thu, 28 Apr 2022 16:15:42 GMT"
  },
  "Response Body": "{\n  \"traceId\": \"0r71qYgAAAABFG6Wx+Z2ITIrG3U6c0zGYU0pDRURHRTA1MTAAOGM1ZTczZjQtNmZhZi00MzQ1LTg4YmYtYjEwZjBmODk1MGM3\",\n  \"code\": 401,\n  \"description\": \"Authorization failure. Authorization information was invalid or missing from your request.\",\n  \"message\": \"Unauthorized\"\n}"
}

 

I got the OAuth2 token with the “internal_application_mgt_view” scope as instructed in the doc. But still no luck.

 

[1] https://is.docs.wso2.com/en/latest/develop/oidc-scope-management-rest-apis/


3 replies

Userlevel 3

Hi,

You need the scopes below to invoke the OpenID Connect Scope Management REST API endpoints in Asgardeo.

  • internal_oidc_scope_mgt_view - GET /oidc/scopes
  • internal_oidc_scope_mgt_view - GET /oidc/scopes/{id}
  • internal_oidc_scope_mgt_create - POST /oidc/scopes
  • internal_oidc_scope_mgt_update - PUT /oidc/scopes/{id}
  • internal_oidc_scope_mgt_delete - DELETE /oidc/scopes/{id}

 

First, retrieve an access token using the Client Credentials grant with the required scopes and use it to invoke the API. You can find more information in this[1] article.

E.g.:

curl --request GET 'https://api.asgardeo.io/t/<org>/api/server/v1/oidc/scopes' \
  --header 'Authorization: Bearer <token>'

[1] https://medium.com/identity-beyond-borders/invoking-apis-in-asgardeo-1592251a2a6b

I am trying the OAuth2 scope management API[1]. I’ve tried the API with scope “internal_application_mgt_view”.

 

[1] https://is.docs.wso2.com/en/latest/develop/oauth2-scope-management-rest-apis/

Userlevel 3

You need the following scopes to invoke the OAuth 2.0 Scope Management API.

  • POST /scopes(.*) => internal_oauth_scope_mgt_create
  • GET /scopes(.*) => internal_oauth_scope_mgt_view
  • DELETE /scopes(.*) => internal_oauth_scope_mgt_delete
  • PUT /scopes(.*) => internal_oauth_scope_mgt_update
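
The scope lists from the two replies, applied to the 401 in the question, as an added example that is not from any poster or from Asgardeo: it maps method and path to the required scope, requests a client-credentials token for that scope, and refuses to call the API when the token response does not list it. The `ORG`, `CLIENT_ID` and `CLIENT_SECRET` variables, the `/oauth2/token` endpoint path and the presence of a `scope` field in the token response are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: ORG, CLIENT_ID, CLIENT_SECRET env vars,
# the token endpoint path, and a "scope" field in the token response.

# Scope the replies list for an HTTP method on each scope-management API.
required_scope() {
  case "$2" in
    */api/server/v1/oidc/scopes*)     prefix=internal_oidc_scope_mgt ;;
    */api/identity/oauth2/v1/scopes*) prefix=internal_oauth_scope_mgt ;;
    *) return 1 ;;
  esac
  case "$1" in
    GET)    echo "${prefix}_view" ;;
    POST)   echo "${prefix}_create" ;;
    PUT)    echo "${prefix}_update" ;;
    DELETE) echo "${prefix}_delete" ;;
    *) return 1 ;;
  esac
}

# Pull one string field out of a flat JSON token response (no jq needed).
json_field() {
  printf '%s' "$1" | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# True only if the space-separated granted list ($1) contains scope $2.
has_scope() {
  for s in $1; do
    if [ "$s" = "$2" ]; then return 0; fi
  done
  return 1
}

# Get a token for exactly the needed scope, confirm it was granted, then call the API.
call_api() {
  want=$(required_scope "$1" "$2") || { echo "no scope mapping for $1 $2" >&2; return 2; }
  resp=$(curl -sS -u "$CLIENT_ID:$CLIENT_SECRET" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode "scope=$want" \
    "https://api.asgardeo.io/t/$ORG/oauth2/token") || return 3
  if ! has_scope "$(json_field "$resp" scope)" "$want"; then
    echo "token was issued without $want; the API call would be rejected" >&2; return 4
  fi
  curl -sS --request "$1" "$2" \
    --header "Authorization: Bearer $(json_field "$resp" access_token)"
}

# Usage: ORG=<org> CLIENT_ID=... CLIENT_SECRET=... sh scopes.sh GET <url>
if [ -n "${ORG:-}" ] && [ $# -eq 2 ]; then call_api "$1" "$2"; fi
```

Requesting only the single scope each call needs keeps the token least-privileged, and the granted-scope check surfaces a missing scope before the API returns a 401.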
