openfga / js-sdk

OpenFGA SDK for node.js and JavaScript - https://www.npmjs.com/package/@openfga/sdk
https://openfga.dev
Apache License 2.0

OAuth2 Request for Token is missing scopes field #140

Open danielloader opened 1 month ago

danielloader commented 1 month ago

Description

The Golang SDK supports scopes being added to a token claim:

https://github.com/openfga/go-sdk/blob/9449c5ef9f56123aff8fe1f47bc166ff33c5775a/credentials/credentials.go#L116-L119

This JavaScript SDK doesn't support it, and Zitadel fails without the mandatory minimum scope (openid) being added to the request.

Expectation

Being able to configure scopes like the Golang SDK.

Reproduction

  1. Try to connect to an OpenFGA instance configured to accept Zitadel OIDC via client credentials flow.
  2. Fail to do so due to no scope in the encoded form posted to the token endpoint.

OpenFGA SDK version

0.6.2

OpenFGA version

1.5.8

SDK Configuration

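```typescript
import { CredentialsMethod, OpenFgaClient } from '@openfga/sdk';

// Build a client that authenticates with the OAuth2 client-credentials flow.
// All settings are read from environment variables.
function createClientWithCredentials() {
  return new OpenFgaClient({
    apiUrl: process.env['FGA_API_URL'] as string,
    storeId: process.env['FGA_STORE_ID'] as string,
    authorizationModelId: process.env['FGA_MODEL_ID'] as string,
    credentials: {
      method: CredentialsMethod.ClientCredentials,
      config: {
        // Token issuer, audience and client credentials for the token request
        apiTokenIssuer: process.env['FGA_API_TOKEN_ISSUER'] as string,
        apiAudience: process.env['FGA_API_AUDIENCE'] as string,
        clientId: process.env['FGA_CLIENT_ID'] as string,
        clientSecret: process.env['FGA_CLIENT_SECRET'] as string,
      }
    }
  });
}
```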

Logs

{"error":"invalid_request","error_description":"The scope of your request is missing. Please ensure some scopes are requested. If you have any questions, you may contact the administrator of the application."}

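The form described in the reproduction steps, as an added example that is not part of the original issue or of the SDK's code: it builds the client-credentials token request body with and without a `scope` parameter and maps the error shown under Logs to its likely cause. The `scopes` option and all function names are hypothetical, and sending `audience` in the form is an assumption.

```javascript
// Added example; not code from @openfga/sdk. `scopes` is a hypothetical option.

// Accept an array or a space-delimited string; drop empties and duplicates.
function normalizeScopes(scopes) {
  if (scopes == null) return [];
  const list = Array.isArray(scopes) ? scopes : String(scopes).split(/\s+/);
  const cleaned = list.map((s) => String(s).trim()).filter((s) => s !== "");
  for (const s of cleaned) {
    // RFC 6749 section 3.3 scope-token: printable ASCII except space, '"' and '\'.
    if (!/^[\x21\x23-\x5B\x5D-\x7E]+$/.test(s)) {
      throw new TypeError(`invalid scope token: ${JSON.stringify(s)}`);
    }
  }
  return [...new Set(cleaned)];
}

// Build the form-encoded body of a client-credentials token request
// (RFC 6749 section 4.4.2). `scope` is added only when scopes are configured.
function buildTokenRequestBody(config) {
  const form = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: config.clientId,
    client_secret: config.clientSecret,
  });
  // `audience` is not defined by RFC 6749; sending it is an assumption here.
  if (config.apiAudience) form.set("audience", config.apiAudience);
  const scopes = normalizeScopes(config.scopes);
  if (scopes.length > 0) form.set("scope", scopes.join(" "));
  return form;
}

// Map a token-endpoint error body to a message naming the likely cause.
function describeTokenError(responseText, sentForm) {
  let parsed = null;
  try { parsed = JSON.parse(responseText); } catch { /* body was not JSON */ }
  if (parsed === null || typeof parsed !== "object") {
    return "token endpoint returned an error body that is not a JSON object";
  }
  if (parsed.error === "invalid_request" && !sentForm.has("scope")) {
    return "invalid_request: no scope parameter was sent; configure scopes";
  }
  return `${parsed.error}: ${parsed.error_description || "no description"}`;
}

// Constructed sample values, not real credentials.
const sample = { clientId: "example-client", clientSecret: "example-secret" };
console.log(buildTokenRequestBody(sample).toString());
console.log(buildTokenRequestBody({ ...sample, scopes: "openid" }).toString());
```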