THE_SUPERMAN Posted December 19, 2020 Share Posted December 19, 2020 I am getting this error when I try to get an access_token from the IPS oAuth server: { "name": "AuthorizationError", "code": "invalid_scope", "status": 500 } I didn't find any official documentation on this and it would be great if someone gave me the link. The URL I'm requesting for is this (confidential data has been hidden with XXX-XXX😞 https://example.com/oauth/authorize?response_type=code&redirect_uri=example.com&scope=authorization_code&client_id=XXX-XXX What am I doing wrong? Link to comment Share on other sites More sharing options...
Jon Erickson Posted December 20, 2020 Share Posted December 20, 2020 It’s merely telling you the scope you are requesting, authorization_code, is not a valid scope. Although I cannot tell which OAuth provider you are using, I’m guessing authorization_code isn’t a valid scope. I’ve never seen that before. Typically scopes correspond with resources you want access to such as profile, email, user, openid etc. Link to comment Share on other sites More sharing options...
bfarber Posted December 21, 2020 Share Posted December 21, 2020 When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab. By default, "profile" and "email" are the two valid scopes that are created, but you can adjust and make others. THE_SUPERMAN 1 Link to comment Share on other sites More sharing options...
THE_SUPERMAN Posted December 21, 2020 Author Share Posted December 21, 2020 3 minutes ago, bfarber said: When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab. Issue solved. Thanks so much. Link to comment Share on other sites More sharing options...
Recommended Posts