Hi Janak,

Thanks for bringing this up. I also noticed this recently when I was doing
some demo for a customer and was planning to send a mail on this.

When we did the OIDC scopes management feature we should have addressed the
OAuth2 scopes management as well. I searched back to see if there has been
any discussion on this on architecture and I found [1]. However, the thread
hasn't been updated with the progress of the development and screenshots :(.

We can't have two separate scope management features in the product. There
is only one concept of scopes and it is a usage of scope that is there in
OIDC. So definitely +1 to use the same set of APIs to expose this
externally.

Isn't this the purpose of Resource Set Registration profile? Aren't those
APIs same as one of the above APIs? Else do we have 3 separate APIs now? We
can only have one API.

[1] "Moving oidc scope-claim mapping from registry to db" in
architect...@wso2.org

Thanks & Regards,
Johann.

On Tue, Jul 2, 2019 at 2:20 PM Janak Amarasena <ja...@wso2.com> wrote:

> Hi All,
>
> We have two implementations related to scopes in the IS, one for OAuth2
> scopes (for oauth2 scopes and scope bindings(role, permission etc)) and the
> other for OIDC scopes (for scope claim mappings). The data is also stored
> separately.
> For the OAuth2 scope management, we already have a REST API[1] and with
> the OAuthAdminService SOAP API, we manage the OIDC scopes.
> When designing the REST API to include OIDC scopes management there are
> two ways this can be done.
>
>    1. Have a separate API for OIDC scope management.
>    2. Include the OIDC scope management and OAuth scope management in the
>    same REST API and treat them both as a single resource when exposing it to
>    the outside and manage them separately internally.
>
> [1] -
> https://docs.wso2.com/display/IS580/apidocs/OAuth2-scope-endpoint/index.html
>
> Your thoughts on this are much appreciated.
>
> Thank you,
> Best Regards,
>
> Janak
>
> --
> *Janak Amarasena* | Software Engineer | WSO2 Inc.
> (m) +94777764144 | (w) +94112145345 | (e) ja...@wso2.com


-- 
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev