This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
Default client scopes #161
Comments
|
We have no plans right now to change that. Tbh - there are other priorities right now to be able to ship 1.0 But I added this as a feature request. |
|
ok, any chance you'd be open to pull request to add this before 1.0? |
|
we will discuss it. |
|
thanks @leastprivilege |
|
Perhaps if scopes are absent, we just use the list of configured allowed scopes... |
|
@JonCubed What flows are your third parties using? |
|
@brockallen they are using Client Credentials |
|
OK - I'll add that feature for client credentials. |
|
see here does that work for you? |
|
@brockallen yes it does, thank you very much for getting done so quickly |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm porting our custom oauth implementation to identity server 4. Currently all our services have their own list of clients, I would like to merge them all into identity server instead with scopes. Currently third-parties are not sending the scope header, however in identity server 4 this returns a bad request with "invalid_scope".
I've looked at the code and it does not look like this scenario is possible. Would it be possible to be able to specify default scopes for a client so if the scope header is not present it will not fail?
From my understanding of the spec a predefined list of default scopes is allowed if the scope header is missing.
The text was updated successfully, but these errors were encountered: