-
Notifications
You must be signed in to change notification settings - Fork 14
Admin UI: Scopes
Arnab Dutta edited this page Oct 6, 2022
·
4 revisions
Please read the following docs to get more information about different scopes.
- https://gluu.org/docs/gluu-server/4.4/admin-guide/openid-connect/#scopes
- https://gluu.org/docs/gluu-server/4.4/admin-guide/uma/#scopes
- https://github.com/JanssenProject/jans/wiki/CLI_V2
Spontaneous Scopes are READ ONLY. They should show up in search results; admins can view a spontaneous scope. But admins cannot create a spontaneous scope. Creation only happens when an authorized client presents a spontaneous scope at the token endpoint.
In Admin UI
- Spontaneous Scopes can not be created by admin.
- Admin can only view the created spontaneous scopes.
- To make an OIDC client capable of creating spontaneous scope set
allowSpontaneousScopes
totrue
and add regular expressions matching with scope in thespontaneousScopes
field in the database.
"allowSpontaneousScopes": true,
"spontaneousScopes": ["^transaction:.+$"]
- Then present the scopes (eg:
transaction:245
,transaction:8645
) before authorization_url
https://example.gluu.org/oxauth/restv1/authorize?response_type=code&scope=openid+profile+transaction%3A245+transaction%3A8645&client_id=c8592b26-8984-484d-8aba-9f475be73af0&redirect_uri=https%3A%2F%2Fexample.gluu.org%2Foxauth-rp%2Fhome.htm&state=2dccaf64-c0b9-4c35-8008-f754ad964c3b&nonce=9cf5c813-578b-44e5-a353-b7446c1b9358
- For spontaneous scope AS always sets
creatorTyp=client
and setscreatorId=clent_id
.
- We can only create UMA scope using admin-ui but not able to edit it.
- UMA scope can be created by humans or by AS.
- If AS has auto-create allowed for UMA scope then it will have
creatorTyp=auto
and emptycreatorId
.auto
means AS created it. - When UMA scope is created using tui/admin-ui (human) then
creatorType
will beUSER
(like Admin) andcreatorId
will be logged inUSER INUM
.
- Home
-
admin-ui documentation
- Introduction
- Dashboard
- Admin Menu
- Auth Server Menu
- Admin UI Installation on bank server
- CLI commands to Add, Remove Frontend Plugins
- Developer localization guide
- Gluu Admin UI: Frontend Plugin development document
- Gluu Admin UI: Backend Plugin development document
- Gluu Cloud Admin UI: Application Architecture
- Internationalization in Gluu Admin UI
- Jans Admin UI Developers setup Guide
- Jans Config Api Role Mapping
- licenseSpring Integration in Admin UI
- License Policy
- Admin UI: Scopes
- Security and API protection token
- User Management
- Gluu Flex
- Support Portal