This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

After upgrading to latest pre-release am getting invalid_scope #4441

Closed
klanglie opened this issue May 27, 2020 · 6 comments

@klanglie

klanglie commented May 27, 2020

After upgrading to latest pre-release I am getting an invalid_scope error. Any ideas? I am referencing the source code directly.

It looks like it has something to do with ResourceValidator. The scopes passed along from my UI were not found in either FindIdentityResourcesByScope or FindApiScope. Why is it not also searching ApiResources?

Something feels a little disconnected. Perhaps I am seeding the tables wrong? I am using the same seed data as before. I am not sure what the difference between IdentityResources / ApiScopes and ApiResources is. Ideally this solution would also be multi-tenant.

Another thing I came across is duplicate lines of code. SEE: ApiResourceMapperProfile Lns 27 + 29.

@leastprivilege
Member

We changed the config model slightly. Docs are not written yet.

Check our test host to see how it works.

@leastprivilege
Member

Yes

https://github.com/IdentityServer/IdentityServer4/blob/master/src/IdentityServer4/host/Configuration/Resources.cs

@klanglie
Author

Ok, looks like I need to modify my config by adding ApiScopes. I am guessing the reason for that, reading the comments, is to better implement the OAuth spec. I don't like duplication and lack of constraints so much. But if my UI deletes a token from ApiScopes I can find the same ones that are in any of the ApiResources.Scopes and delete them. Conversely, if I add a scope in my UI to ApiResources and it doesn't already exist in ApiScopes, I can add it there too.

OLD Way

    new ApiResource("myAPI", "Scope for My API")
    {
        ApiSecrets =
        {
            new Secret("GUID".Sha256())
        },
        Scopes =
        {
            "myAPI",
            "myAPI.user",
            "myAPI.admin"
        }
    },
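
The configuration change discussed in this thread, as an added example that is not part of any comment above and is not the project's own code: every scope name listed in `ApiResource.Scopes` also gets an `ApiScope` entry, and a startup check reports names that a lookup against ApiScopes would not find. It assumes the IdentityServer4 4.x model classes (`ApiScope`, and `ApiResource.Scopes` holding plain strings); `ScopeConfig` and `FindUnregisteredScopes` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4.Models;

public static class ScopeConfig
{
    // Scopes are registered on their own; requested scopes are looked up here.
    public static IEnumerable<ApiScope> ApiScopes => new[]
    {
        new ApiScope("myAPI", "Scope for My API"),
        new ApiScope("myAPI.user"),
        new ApiScope("myAPI.admin"),
    };

    // The resource only references scope names; it no longer defines them.
    public static IEnumerable<ApiResource> ApiResources => new[]
    {
        new ApiResource("myAPI", "Scope for My API")
        {
            ApiSecrets = { new Secret("GUID".Sha256()) }, // "GUID" is the thread's placeholder
            Scopes = { "myAPI", "myAPI.user", "myAPI.admin" }
        },
    };

    // Hypothetical helper: "resource: scope" pairs with no matching ApiScope entry.
    public static IReadOnlyList<string> FindUnregisteredScopes(
        IEnumerable<ApiResource> resources, IEnumerable<ApiScope> scopes)
    {
        var registered = new HashSet<string>(scopes.Select(s => s.Name), StringComparer.Ordinal);
        return resources
            .SelectMany(r => r.Scopes.Select(name => (Resource: r.Name, Scope: name)))
            .Where(x => !registered.Contains(x.Scope))
            .Select(x => $"{x.Resource}: {x.Scope}")
            .Distinct()
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        var missing = ScopeConfig.FindUnregisteredScopes(ScopeConfig.ApiResources, ScopeConfig.ApiScopes);
        if (missing.Count > 0) // fail at startup instead of surfacing later as invalid_scope
            throw new InvalidOperationException("No ApiScope entry for: " + string.Join(", ", missing));
        Console.WriteLine("All ApiResource scopes are registered as ApiScopes.");
    }
}
```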

@github-actions

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2020