THE_SUPERMAN Posted December 19, 2020 Posted December 19, 2020 I am getting this error when I try to get an access_token from the IPS oAuth server: { "name": "AuthorizationError", "code": "invalid_scope", "status": 500 } I didn't find any official documentation on this and it would be great if someone gave me the link. The URL I'm requesting for is this (confidential data has been hidden with XXX-XXX😞 https://example.com/oauth/authorize?response_type=code&redirect_uri=example.com&scope=authorization_code&client_id=XXX-XXX What am I doing wrong?
Jon Erickson Posted December 20, 2020 Posted December 20, 2020 It’s merely telling you the scope you are requesting, authorization_code, is not a valid scope. Although I cannot tell which OAuth provider you are using, I’m guessing authorization_code isn’t a valid scope. I’ve never seen that before. Typically scopes correspond with resources you want access to such as profile, email, user, openid etc.
bfarber Posted December 21, 2020 Posted December 21, 2020 When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab. By default, "profile" and "email" are the two valid scopes that are created, but you can adjust and make others. THE_SUPERMAN 1
THE_SUPERMAN Posted December 21, 2020 Author Posted December 21, 2020 3 minutes ago, bfarber said: When you set up a custom confidential OAuth client, you can choose which scopes are available. Look at the "Scopes" tab. Issue solved. Thanks so much.
Recommended Posts