WSO2 APIM access_token generation with default scope

3
votes

I have configured wso2am-2.6.0 using SAML with wso2is-5.7.0 following the example https://wso2.com/library/articles/2017/03/use-cases-of-utilizing-saml-with-wso2-api-manager/

Both app is installed on same server with Port Offset=3. In the IS is added the second store from Active Directory.

I have defined an API with some scopes. Any "scope" I would use, after going through the Authentication process the APIM returns the access_token with scope = default.

Example below:

{
  "access_token": "8f1cbaf3-6858-327e-9410-5210a1413e92",
  "refresh_token": "27cf0b3a-a3af-3826-94f3-9a0fd8518d33",
  "scope": "default",
  "token_type": "Bearer",
  "expires_in": 1024
}

What can be wrong?

1
wso2wso2iswso2-amapi-manager
Did you already subscribe to the API(which you have defined the scope) for the application?Rans
Yes, I have subscribed to the API. In previous releases, this flow works without any problems.Alexandru Para
In Database table for authorization code ( IDN_OAUTH2_AUTHORIZATION_CODE) SCOPE is "news_read". But in IDN_OAUTH2_ACCESS_TOKEN_SCOPE, after success authentification SCOPE is "default".Alexandru Para
If from Store -> Applications have selected MyApplication (which has subscriptions to APIs) and select some scopes, the Regenerate button generate only access token with ( default am_application_scope ) scopes.Alexandru Para

1 Answers

1
votes

I found the problem. Because I did not define any Role for the Scopes, to generate a token using my Scopes, it was necessary to add in the file <dir>/wso2am-2.6.0/repository/conf/api-manager.xml the list of Scopes in the tag ScopeWhitelist:

  <OAuthConfigurations>
    <ScopeWhitelist>
       <Scope> news_read </ Scope>
       <Scope> news_write </ Scope>
  </ ScopeWhitelist>

After that, access tokens were generated for my Scopes.