Authorization server scope changes

[charlottekostelic]

OCLC Authorization server now accepts scope and/or scopes as a parameter. Type and formatting of scope parameter is the same as scopes.

OCLC did not provide an update noting this change and their documentation on the Client Credentials Grant page uses the two parameters interchangeably.

Changed:

• documentation and tests to reflect change in parameters accepted by OCLC Authorization server
• Updated dependencies:
  • certifi (2024.7.4)
  • jinja2 (3.1.4)
  • requests (2.32.3)
  • urllib3 (2.2.2)
  • zipp (3.19.2)

[charlottekostelic]

Yes, there are now two fields (scope and scopes) that are interchangeable. The authorization server accepts payloads with either/both scope and scopes. It returns returns a response with the same value in both fields.

It seems clunky but OCLC's documentation uses "scope" and "scopes" interchangeably so I suspect it is a common mistake.

I didn't add scope as a parameter for WorldcatAccessToken because I thought it might be confusing. I just updated the tests that were failing and the examples we provide in our documentation to account for the change in the auth server response.

I want to create a github actions workflow to run monthly to check the responses from the Metadata API and auth server so we know if OCLC changes anything. I'll include that in a future PR though.

[klinga]

Thanks, Charlotte.

I want to create a github actions workflow to run monthly to check the responses from the Metadata >API and auth server so we know if OCLC changes anything. I'll include that in a future PR though.

That's a good idea. Let's request a new WSKey just for that purpose. GitHub provides a means to securely store credentials within the repo.