Some OAuth2 / OpenID Connect providers require that clients include a `scope` parameter when requesting an access token. It looks like all CDE servers can add a default one if none was included, but a new feature to include something like `required_scopes` (maybe even scoped by API?) could be added to the authorization endpoint, so that final responses could look like this:
```json
{
  "oauth2_auth_url": "https://example.com/opencde/oauth2/auth",
  "oauth2_token_url": "https://example.com/opencde/oauth2/token",
  "oauth2_dynamic_client_reg_url": "https://example.com/opencde/oauth2/reg",
  "http_basic_supported": true,
  "supported_oauth2_flows": [
    "authorization_code_grant",
    "implicit_grant",
    "resource_owner_password_credentials_grant"
  ],
  "required_scopes": [{
    "api": "bcf",
    "scope": "bcf offline_access"
  }]
}
```
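How a client might consume the proposed field, as an added example that is not part of the original issue or of any OpenCDE implementation: it selects only the scopes listed for the API it is about to call and builds the authorization-code request from them. The function names, `client_id` and `redirect_uri` values are hypothetical, and `required_scopes` is the field as proposed above, not an existing part of the response.

```python
import json
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample: the response body proposed in the issue above (shortened).
SAMPLE_AUTH_RESPONSE = json.loads("""
{
  "oauth2_auth_url": "https://example.com/opencde/oauth2/auth",
  "oauth2_token_url": "https://example.com/opencde/oauth2/token",
  "supported_oauth2_flows": ["authorization_code_grant"],
  "required_scopes": [{"api": "bcf", "scope": "bcf offline_access"}]
}
""")


def scopes_for_api(auth_info, api, extra=()):
    """Return the scope tokens to request for one API, in order, without duplicates.

    Only entries whose "api" matches are used, so a client for one API does not
    pick up scopes listed for another. A missing "required_scopes" field
    (a server without the proposed feature) yields just the caller's extras.
    """
    tokens = []
    for entry in auth_info.get("required_scopes", []):
        if entry.get("api") == api:
            tokens.extend(entry.get("scope", "").split())
    tokens.extend(extra)
    return list(dict.fromkeys(tokens))  # de-duplicate, keep first-seen order


def build_authorization_url(auth_info, api, client_id, redirect_uri, extra=()):
    """Build an authorization-code request URL; returns (url, state)."""
    auth_url = auth_info["oauth2_auth_url"]
    if urlsplit(auth_url).scheme != "https":
        raise ValueError("authorization endpoint must use https")
    state = secrets.token_urlsafe(16)  # anti-CSRF value, compared on redirect
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    scopes = scopes_for_api(auth_info, api, extra)
    if scopes:  # otherwise omit the parameter so the server applies its default
        params["scope"] = " ".join(scopes)
    return auth_url + "?" + urlencode(params), state
```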