Closed beolson closed 1 year ago
The documentation you are referring to is talking about RBAC not OIDC Scopes.
Looks like BriefcaseManager.downloadBriefcase attempts to download the briefcase in read/write mode which might explain why you need the imodels:modify
scope
I assume that under the covers ITwinsJS is calling this: https://developer.bentley.com/apis/imodels-v2/operations/acquire-imodel-briefcase/ - and this does state that it requires the imodels:modify scope.
Is there a way to get a briefcase without a modify scope? I only intend to open it as a SnapshotDb - and would prefer my application not request a token with a modify scope
hello @beolson, BriefcaseManager.downloadBriefcase documentation mentions that read-only Briefcases have an id equal to a special value (which is equal to 0). Looking at the code it looks like if you supply that special value to the function it should not attempt to acquire a new Briefcase so the imodels:modify
scope should not be needed. This test downloads a Briefcase with briefcaseId: BriefcaseIdValue.Unassigned
.
Also depending on your use case you may want to look into NativeApp.requestDownloadBriefcase
Describe the bug I am trying to download a Briefcase, and I am trying to use the least permissive scope to do so. I found documentation that suggests the only permission needed is "Read IModel" - but it only works when I add imodels:modify to my scopes.
To Reproduce Steps to reproduce the behavior:
1 - acquire an accessToken
2 - use token to download briefcase.
3 - this fails for me. But will work if I add the "imodels:modify" scope in step 1.
Expected behavior Should be able to call the BriefcaseManager.downloadBriefcase method using a token with the "imodels:read" scope.