
OAuth2 Scope Inquiry


Sean Kelly


Hello!

I'm attempting to set up an Invision Power Board forum as an OAuth2 Authentication Server and have a few inquiries.

When defining scope for an OAuth2 parse against the 4.3+ API, how are the parameters defined? E.g., in the following URL:

https://www.<ipbsuite>/oauth/authorize?response_type=code&client_id=<client_id>&scope=/core/me&state=<randomlygeneratedstring>&redirect_uri=http://localhost:8080/login/oauth2/code/ips4

scope is set to /core/me (for identification purposes); however, this URL in practice returns a 403 (redirect URI is correct for testing purposes and the secret key is being passed as part of the body). I've seen no explicit definition saying "Hey, this is what the scope is exactly", but I've seen things varying between GET /core/me and /core/me, so I'm confused about what the proper way is.

If there is another thread already answering this I apologize, I did a short search and didn't find anything.


If you are requesting any scopes, the only two defined by default are "profile" and "email", although you can add custom ones.

You control which scopes can be requested as well as which API endpoints an authenticated user can access when setting up the OAuth client under System > REST & OAuth in the AdminCP.

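An authorization request that uses the default scope names from the answer above, with the state check a client should perform on the redirect back. This is an added example, not part of the original posts and not Invision's own code; the host `forum.example`, the client id and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Scope names the answer lists as defined by default; custom ones would be added here.
DEFAULT_SCOPES = {"profile", "email"}


def build_authorize_url(base, client_id, redirect_uri, scopes, allowed=DEFAULT_SCOPES):
    """Return (url, state) for an authorization-code request."""
    unknown = [s for s in scopes if s not in allowed]
    if unknown:
        # A value such as "/core/me" is rejected unless it was added as a custom scope.
        raise ValueError(f"scopes not defined for this client: {unknown}")
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "scope": " ".join(scopes),  # RFC 6749: space-delimited list
        "state": state,
        "redirect_uri": redirect_uri,
    })
    return f"{base}/oauth/authorize?{query}", state


def read_callback(callback_url, expected_state):
    """Return the authorization code only if the state round-tripped intact."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


if __name__ == "__main__":
    url, state = build_authorize_url(
        "https://forum.example", "CLIENT_ID_PLACEHOLDER",
        "http://localhost:8080/login/oauth2/code/ips4", ["profile", "email"])
    print(url)
    # Constructed callback, shaped like the redirect back to the client.
    cb = f"http://localhost:8080/login/oauth2/code/ips4?code=CONSTRUCTED&state={state}"
    print(read_callback(cb, state))
```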

On 8/24/2018 at 10:30 AM, bfarber said:

If you are requesting any scopes, the only two defined by default are "profile" and "email", although you can add custom ones.

You control which scopes can be requested as well as which API endpoints an authenticated user can access when setting up the OAuth client under System > REST & OAuth in the AdminCP.

Thank you very much! This is exactly what I needed :biggrin:


Archived

This topic is now archived and is closed to further replies.
