-
Hello. I have the following access token, which includes scopes (), issued by Identity Server 4, like this: I want to ask, are the scopes created by IS4 the ones Ocelot looks for? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
@andreuwz As far as I understand it, the second example is giving you the expected result, since the test scope isn't included in the token's scopes. if (!matchesScopes.Any())
{
return new ErrorResponse<bool>(
new ScopeNotAuthorizedError($"no one user scope: '{string.Join(',', userScopes)}' match with some allowed scope: '{string.Join(',', routeAllowedScopes)}'"));
} as for the first example, the error must be somewhere else, since you have some matching scopes (by the way it's an interesting debate: #231) |
Beta Was this translation helpful? Give feedback.
@andreuwz As far as I understand it, the second example is giving you the expected result, since the test scope isn't included in the token's scopes.
https://github.com/ThreeMammals/Ocelot/blob/develop/src/Ocelot/Authorization/ScopesAuthorizer.cs
as for the first example, the error must be somewhere else, since you have some matching scopes (by the way it's an interesting debate: #231)