1
votes

I am studying WSO2 API Manager. In the OAuth authorization code/implicit flow, after the user enters a valid credential on the login page, the user is redirected to a consent page like this.


When the user clicks Approve, an access token will be issued with all valid requested OAuth scopes. However, in the OAuth flow, an application can request access to multiple scopes. Is it possible to configure/customize the WSO2 API Manager consent page to present the user with the list of requested scopes and allow the user to choose which scopes will be allowed (like Facebook)? If it is possible, please guide me to where I should look further.


1 Answers

0
votes

Yes, we have identified this as a valid requirement and created a JIRA to fix this issue in an upcoming Identity Server release. Once the identity components are released with this feature, API Manager can use it, and the next API Manager release will have it. Once we have that feature, you can make the following changes in the authentication endpoint app and get user consent for scopes.

/repository/deployment/server/webapps/ directory. You'll see the exploded directory authenticationendpoint. Then users can edit the web.xml file in the authenticationendpoint/WEB-INF directory, set the displayScopes parameter to true, and save the file.

<context-param>
        <param-name>displayScopes</param-name>
        <param-value>true</param-value>
</context-param>

Once the change is done, you'll see an entry in the carbon log similar to Reloaded Context with name: /authenticationendpoint after a couple of seconds. The scopes will be displayed in the consent page afterwards.

Public JIRA to display scope description in oauth/oidc consent page

Thanks

sanjeewa
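
A way to verify the change described in the answer above, as an added example that is not part of the original answer or WSO2's own code: it reads a web.xml for the displayScopes context-param and looks for the reload message in the carbon log. The function names, the sample web.xml (including its namespace and the other parameter) and the sample log lines are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PARAM = "displayScopes"  # context-param named in the answer
RELOAD_MARKER = "Reloaded Context with name: /authenticationendpoint"  # log text quoted in the answer

def display_scopes_state(web_xml: str) -> str:
    """Return 'enabled', 'disabled' or 'missing' for the displayScopes context-param."""
    root = ET.fromstring(web_xml)
    # web.xml normally declares a default namespace; reuse whatever the root element carries.
    m = re.match(r"\{(.*)\}", root.tag)
    prefix = "{%s}" % m.group(1) if m else ""
    values = [
        (cp.findtext(prefix + "param-value") or "").strip().lower()
        for cp in root.findall(prefix + "context-param")
        if (cp.findtext(prefix + "param-name") or "").strip() == PARAM
    ]
    if not values:
        return "missing"
    # Conservative: a duplicate declaration with any other value counts as disabled.
    return "enabled" if all(v == "true" for v in values) else "disabled"

def context_reloaded(carbon_log: str) -> bool:
    """True if the log shows the authenticationendpoint webapp was reloaded."""
    return any(RELOAD_MARKER in line for line in carbon_log.splitlines())

def consent_shows_scopes(web_xml: str, carbon_log: str) -> bool:
    """Both conditions from the answer: parameter set to true and context reloaded."""
    return display_scopes_state(web_xml) == "enabled" and context_reloaded(carbon_log)

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
    <context-param>
        <param-name>exampleOtherParam</param-name>
        <param-value>x</param-value>
    </context-param>
    <context-param>
        <param-name>displayScopes</param-name>
        <param-value>true</param-value>
    </context-param>
</web-app>"""
SAMPLE_LOG = """[2024-01-01 10:00:00,000]  INFO - constructed line: server started
[2024-01-01 10:00:05,000]  INFO - constructed line: Reloaded Context with name: /authenticationendpoint"""

if __name__ == "__main__":
    print(display_scopes_state(SAMPLE_WEB_XML), context_reloaded(SAMPLE_LOG))
```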