Scope validation fails with custom scope validators #22234

Open
RakhithaRR opened this issue Jan 10, 2025 · 0 comments
RakhithaRR commented Jan 10, 2025

Description

Hi team,

When IS 6.1.0 is configured as a third-party key manager, a connector is added to the IS. This connector has a custom scope validator (RoleBasedScopesIssuer) [1]. Here, we add a scope named default to the allowed scope list when the allowed scope list is empty. This has been the default behaviour in previous APIM versions as well. The revamp in [2] has introduced an additional check in the scope validation flow that checks whether the scopes requested by the user are included in the allowed scope list. The APIM scenario breaks with this new change.

[1] - https://github.com/wso2-support/apim-km-wso2is/blob/support-1.6.8.x-full/components/wso2is.key.manager.core/src/main/java/org/wso2/is/key/manager/core/tokenmgt/issuers/RoleBasedScopesIssuer.java
[2] - wso2-extensions/identity-inbound-auth-oauth#1975

Steps to Reproduce

Set up IS 6.1.0 as the KM with APIM 4.2.0 and try out the auth code grant without requesting any scopes.

Version

6.1.0

Environment Details (with versions)

No response
