Hi Samitha,

Please check tenant-conf.json in the registry. apim:app_owner_change may be
added there with admin role.

On Wed, Aug 22, 2018 at 2:44 PM, Samitha Chathuranga <sami...@wso2.com>
wrote:

> Hi,
>
> I created a Dynamic client via DCR with a non-admin user's credentials and
> used the resulting client ID and secret to generate a token. The token
> scope sent in body is "apim:api_view apim:subscribe apim:app_owner_change"
>
> *Curl Command sent is as below*
>
> curl -X POST \
>   https://localhost:8243/token \
>   -H 'authorization: Basic ME0zX1dmcGZvM2ZTaWlIR0JrWVo4OXNVdVNRYTpJUVpxc3d6RWl0elRhc3RKTVlGMUJXRnlwbzhh' \
>   -H 'cache-control: no-cache' \
>   -H 'content-type: application/x-www-form-urlencoded' \
>   -H 'postman-token: 2e9d6d96-f60b-e4be-7317-5b35c75f02b6' \
>   -d 'grant_type=password&username=samitha&password=12345&scope=apim%3Aapi_view%20apim%3Asubscribe%20apim%3Aapp_owner_change'
>
> But the response doesn't include the scope *apim:app_owner_change*
>
> Response:
> {"access_token":"2145d80a-635f-3a7f-a980-e380e827bde0","refresh_token":"3472eaef-a1d0-3211-9ba7-ff95e738981f","scope":"apim:api_view apim:subscribe","token_type":"Bearer","expires_in":2289}
>
> There is no such issue for admin users. What I am understanding is that
> this scope is not allowed for non-admin users. Or what am I missing here?
> And if there is any such restriction, please give a reference.
>
> Regards,
> Samitha
> --
> *Samitha Chathuranga*
> *Senior Software Engineer*, *WSO2 Inc.*
> lean.enterprise.middleware
> Mobile: +94715123761
>
>



-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
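
An added example, not part of the original thread or WSO2's code: it compares the scopes requested with the scopes in the token response and looks up each dropped scope's role mapping. The `RESTAPIScopes`/`Scope`/`Name`/`Roles` layout of tenant-conf.json, the role lists and the user's role `Internal/subscriber` are assumptions made for illustration.

```python
import json

# Constructed sample: the layout (RESTAPIScopes -> Scope -> Name/Roles) is an
# assumption about tenant-conf.json, and the role lists are invented.
TENANT_CONF = json.loads("""
{"RESTAPIScopes": {"Scope": [
  {"Name": "apim:api_view", "Roles": "admin,Internal/publisher,Internal/subscriber"},
  {"Name": "apim:subscribe", "Roles": "admin,Internal/subscriber"},
  {"Name": "apim:app_owner_change", "Roles": "admin"}
]}}
""")

# Token response from the thread, with the token values replaced by placeholders.
TOKEN_RESPONSE = json.loads(
    '{"access_token":"<redacted>","refresh_token":"<redacted>",'
    '"scope":"apim:api_view apim:subscribe","token_type":"Bearer","expires_in":2289}'
)

def scope_roles(conf):
    """Map each scope name to the set of roles allowed to obtain it."""
    out = {}
    for entry in conf.get("RESTAPIScopes", {}).get("Scope", []):
        roles = {r.strip() for r in entry.get("Roles", "").split(",") if r.strip()}
        out[entry["Name"]] = roles
    return out

def explain_dropped(requested, token_response, conf, user_roles):
    """Return {dropped_scope: reason} for requested scopes missing from the grant."""
    granted = set(token_response.get("scope", "").split())
    mapping = scope_roles(conf)
    mine = set(user_roles)
    report = {}
    for scope in requested.split():
        if scope in granted:
            continue  # scope was issued, nothing to explain
        if scope not in mapping:
            report[scope] = "no role mapping found in tenant-conf.json"
        elif mapping[scope] & mine:
            report[scope] = "user holds a mapped role; check elsewhere"
        else:
            report[scope] = "requires one of: " + ", ".join(sorted(mapping[scope]))
    return report

if __name__ == "__main__":
    req = "apim:api_view apim:subscribe apim:app_owner_change"
    # Hypothetical role set for the non-admin user in the thread.
    print(explain_dropped(req, TOKEN_RESPONSE, TENANT_CONF, ["Internal/subscriber"]))
```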
