Hi, I created a Dynamic client via DCR with a non-admin user credentials and used the resulting client ID and secret to generate a token. The token scope sent in body is "apim:api_view apim:subscribe apim:app_owner_change"
*Curl Command sent is as below* curl -X POST \ https://localhost:8243/token \ -H 'authorization: Basic ME0zX1dmcGZvM2ZTaWlIR0JrWVo4OXNVdVNRYTpJUVpxc3d6RWl0elRhc3RKTVlGMUJXRnlwbzhh' \ -H 'cache-control: no-cache' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'postman-token: 2e9d6d96-f60b-e4be-7317-5b35c75f02b6' \ -d 'grant_type=password&username=samitha&password=12345&scope=apim%3Aapi_view%20apim%3Asubscribe%20apim%3Aapp_owner_change' But the response doesn't include the scope *apim:app_owner_change* Response: {"access_token":"2145d80a-635f-3a7f-a980-e380e827bde0","refresh_token":"3472eaef-a1d0-3211-9ba7-ff95e738981f","scope":"apim:api_view apim:subscribe","token_type":"Bearer","expires_in":2289} There is no such issue for admin users. What I am understanding is that this scope is not allowed for non-admin users. Or what am I missing here? And if there is any such restriction, please give a reference. Regards, Samitha -- *Samitha Chathuranga* *Senior Software Engineer*, *WSO2 Inc.* lean.enterprise.middleware Mobile: +94715123761 [image: http://wso2.com/signature] <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
