Skip to main content

Creating and Configuring Dynamic Scopes

Instructions on how to configure dynamic scopes and use them as an authorization asset, for example, in the transactional authorization.

Prerequisites

Add Scope

  1. In the workspace, select Applications > Services from the sidebar.

  2. In the Services view, select a service that you want to set up a scope for and go to Scopes.

  3. In the Scopes page, select ADD SCOPE.

  4. In step 1 of the New Scope view, enter an OAuth name and a display name for your scope. Next, select Save scope and continue to proceed.

    acp_how-to_dynpol_new.png
  5. In step 2 of the New Scope view

    • Either select policies to set up criteria for client assignment, consent grant, and machine-to-machine protection and close the wizard with Save scope

      acp_how-to_dynpol_newpol.png
    • Or select Skip to omit this step and proceed to the list of scopes with your new scope already included.

Enable Scope for App

  1. In the workspace, go to Applications > Clients.

  2. In the Clients view, select an application that you want to enable the scope for.

  3. In your application view, select the Scopes tab.

  4. In the Scopes tab, select the service that you want to configure and enable your new dynamic scope using the toggle switch.

Check if it Works

To test your new dynamic-scope setup

  1. Make sure that your application has a dynamic scope (for example, account.*) enabled.

  2. Make your application request a specific instance of your dynamic scope, for example account.1.

    For example, make an authorization call to:

    https://localhost:8443/default/default/oauth2/authorize?client_id=bu27qd10vc42d9kkisp0&redirect_uri=https://example.com&response_type=token&scope=email%20account.1
  3. Log in to the application.

    Result: The consent page opens and shows the application requesting access to dynamic scope account.* resolved to account.1.