Hi I configured WSO2 Identity Server 5.0.0 as Key manager as the documentation[1]. The I created a API with api scope in WSO2 AM 1.7.0. However when generating the access token with the given scope It generate the access token for the given scope. But When invoking the API, There is no scope validation in identity server. I could invoke other resources having different scope.
When looking at the identity.xml in identity server, I figured out below OAuthScopeValidator configuration is missing in identity.xml. I added below configuration, Then scopes are validating properly. This is not mentioned even in the doc[1] <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/> @IS Team, AM Team, Can you confirm above is the correct configuration in Identity server to validate the API Scope ? [1] https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager Thanks, Nuwanw -- Nuwan Wimalasekara Senior Software Engineer - Test Automation WSO2, Inc.: http://wso2.com lean. enterprise. middleware phone: +94 71 668 4620
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev