How to set scope for a user/role in WSO2 Identity Server?

1
votes

In WSO2 Identity Server , I tried to associate scope with roles/users so that I can authorize them the access to API's if the scopes match. But no place i can see that. I am using node js in my back end.

I want to achieve something like below app.get('/deleteUser', authenticate({scope:'admin'}), function(req,res){

So that only those users[tokens] having the scopes 'admin' should be able to access deleteUser .How to achieve this user/role mapping to scope in WSO2 Identity server?

2
node.jswso2wso2iswso2-amoauth2

2 Answers

2
votes

I am not sure whether wso2 identity server support user/role mapping to scope. But for your use case I think you can use wso2 apimanager which handle role mapping with scope http://nuwanzone.blogspot.com/2014/06/oauth-20-scopes-with-wso2-api-manager.html

1
votes

WSO2 Identity Server doesn't have a scope validation logic by default. You will have to customize using OAuthScopeValidator

As @Jenananthan has already pointed out, WSO2 API Manager could be used for your use case.