Creating and Configuring Dynamic Scopes
Instructions on how to configure dynamic scopes and use them as an authorization asset, for example, in the transactional authorization.
Prerequisites
Add Scope
In the workspace, select Applications > Services from the sidebar.
In the Services view, select a service that you want to set up a scope for and go to Scopes.
In the Scopes page, select ADD SCOPE.
In step 1 of the New Scope view, enter an OAuth name and a display name for your scope. Next, select Save scope and continue to proceed.
In step 2 of the New Scope view
Either select policies to set up criteria for client assignment, consent grant, and machine-to-machine protection and close the wizard with Save scope
Or select Skip to omit this step and proceed to the list of scopes with your new scope already included.
Enable Scope for App
In the workspace, go to Applications > Clients.
In the Clients view, select an application that you want to enable the scope for.
In your application view, select the Scopes tab.
In the Scopes tab, select the service that you want to configure and enable your new dynamic scope using the toggle switch.
Check if it Works
To test your new dynamic-scope setup
Make sure that your application has a dynamic scope (for example,
account.*
) enabled.Make your application request a specific instance of your dynamic scope, for example
account.1
.For example, make an authorization call to:
https://localhost:8443/default/default/oauth2/authorize?client_id=bu27qd10vc42d9kkisp0&redirect_uri=https://example.com&response_type=token&scope=email%20account.1
Log in to the application.
Result: The consent page opens and shows the application requesting access to dynamic scope
account.*
resolved toaccount.1
.