wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Make scope name unique across OAUTH2 and OIDC scope endpoints; also expose OIDC scopes via OAUTH2 scopes endpoint upon additional query param #7705

Closed sarubi closed 4 years ago

sarubi commented 4 years ago
  1. Currently, we allow adding a scope with the same name in both endpoints, but we decided to maintain the scope name as unique. We won't allow registering the same scope name across these two OAuth2 and OIDC scope endpoints.
  2. We introduce two query params in the OAUTH2 scope GET endpoint:

    includeOIDCScopes: Include OIDC scopes as well via the OAUTH2 scope endpoint.

    requestedScopes: We can request a set of scopes to be returned in the response.
mefarazath commented 4 years ago

So by default, we won't be returning the OIDC scopes?

Also, what's the thinking behind 'requestedScopes' query parameter? Can you explain a scenario where an application would need it?

sarubi commented 4 years ago

@mefarazath

> So by default, we won't be returning the OIDC scopes?

Yes, via the OAUTH2 scope endpoint only OAUTH2 scopes can be retrieved. Via the OIDC scope endpoint, we can view OIDC scopes. In order to view OIDC scopes via the OAUTH2 endpoint, we need to provide the "includeOIDCScopes" query param as true.

> Also, what's the thinking behind 'requestedScopes' query parameter? Can you explain a scenario where an application would need it?

Yeah, it will be used in our user portal: when we are getting consent from users, we need to provide the display name of the scope and its description for the set of scopes provided in the token request. In such a case, we need to retrieve only the requested set of scopes from the backend service.
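The behaviour discussed in this thread (a scope name may live in only one of the two registries, and the OAuth2 scope listing accepts `includeOIDCScopes` and `requestedScopes`) together with the consent-page use case from the last reply, as an added example. This is an illustrative in-memory model written for this page, not WSO2 Identity Server code; the class and function names, the `kind` field and the sample scope names are all constructed assumptions.

```python
"""
Hypothetical in-memory model of the scope registry semantics described in the
thread. Not WSO2 Identity Server's implementation: names and data are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Scope:
    name: str
    display_name: str
    description: str
    kind: str  # "oauth2" or "oidc" (assumed field, not a real API attribute)


class ScopeConflictError(ValueError):
    """Raised when a scope name already exists under either endpoint."""


class ScopeRegistry:
    def __init__(self) -> None:
        # Two stores mirror the two endpoints; uniqueness is enforced across both.
        self._oauth2: Dict[str, Scope] = {}
        self._oidc: Dict[str, Scope] = {}

    def _all(self) -> Dict[str, Scope]:
        return {**self._oauth2, **self._oidc}

    def register(self, scope: Scope) -> Scope:
        # Check both stores before inserting so a name can only live in one of them.
        existing = self._all().get(scope.name)
        if existing is not None:
            raise ScopeConflictError(
                f"scope '{scope.name}' already registered as {existing.kind}"
            )
        store = self._oauth2 if scope.kind == "oauth2" else self._oidc
        store[scope.name] = scope
        return scope

    def list_oauth2_scopes(
        self,
        include_oidc_scopes: bool = False,
        requested_scopes: Optional[Iterable[str]] = None,
    ) -> List[Scope]:
        """Model of GET on the OAuth2 scope endpoint with the two query params."""
        visible = dict(self._oauth2)
        if include_oidc_scopes:
            visible.update(self._oidc)
        if requested_scopes is None:
            return sorted(visible.values(), key=lambda s: s.name)
        # Unknown or not-visible names are dropped; request order is preserved.
        return [visible[n] for n in requested_scopes if n in visible]


def consent_entries(registry: ScopeRegistry, token_request_scopes: str) -> List[dict]:
    """Consent-page use case: resolve the space-separated scope string of a token
    request into display names and descriptions, OIDC scopes included."""
    names = token_request_scopes.split()
    scopes = registry.list_oauth2_scopes(include_oidc_scopes=True, requested_scopes=names)
    return [
        {"name": s.name, "displayName": s.display_name, "description": s.description}
        for s in scopes
    ]


def build_sample_registry() -> ScopeRegistry:
    # Constructed sample data, not taken from any real deployment.
    reg = ScopeRegistry()
    reg.register(Scope("openid", "OpenID", "Authenticate with OpenID Connect", "oidc"))
    reg.register(Scope("profile", "Profile", "Read basic profile claims", "oidc"))
    reg.register(Scope("user_read", "View users", "View user accounts", "oauth2"))
    reg.register(Scope("app_read", "View apps", "View applications", "oauth2"))
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    print([s.name for s in reg.list_oauth2_scopes()])
    print([s.name for s in reg.list_oauth2_scopes(include_oidc_scopes=True)])
    print(consent_entries(reg, "openid user_read unknown_scope"))
    try:
        reg.register(Scope("openid", "dup", "dup", "oauth2"))
    except ScopeConflictError as exc:
        print("rejected:", exc)
```

Two design choices worth noting: the uniqueness check consults both stores before any insert, so the conflict is rejected regardless of which endpoint the request arrived on; and `requestedScopes` silently drops names that are not visible rather than failing, so a consent page built on it must treat a missing entry as "unknown scope" rather than assume every requested name resolves.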