Closed sarubi closed 4 years ago
So by default, we won't be returning the OIDC scopes?
Also, what's the thinking behind 'requestedScopes' query parameter? Can you explain a scenario where an application would need it?
@mefarazath
So by default, we won't be returning the OIDC scopes?
Yes, via OAUTH2 scope endpoint only OAUTH2 scopes only can be retrieved. Via OIDC scope endpoint, we can view OIDC scopes. In-order to view OIDC scopes via OAUTH2 endpoint, we need to provide "includeOIDCScopes" query param as true.
Also, what's the thinking behind 'requestedScopes' query parameter? Can you explain a scenario where an application would need it?
Yeah, it will be used in our user portal, when we are getting consent from users we need to provide displayname of the scope and its description for the set of scope provided in the token request. In such a case, we need to only retrieve requested a set of scopes from the backend service.
We introduce two query param in the OAUTH2 scope get endpoint,