OAuth or OpenID Scopes
Before you begin
You must have the webMethods API Gateway's manage security configurations functional privilege assigned to manage scopes.
About this task
To authorize access tokens to reach protected resources, you must map each scope that you have defined in the authorization server to the APIs in webMethods API Gateway. You can map either a complete API or parts of an API (resources or methods) to a scope.
For example, if you have defined a scope named readonly in an external authorization server, then access tokens that carry readonly as their scope should be able to access only the GET resources. To enforce this, you create an API Scope covering the GET resources of one API or of multiple APIs, and then map the readonly scope to those API Scopes. A token with the readonly scope can now invoke only the GET resources; if it tries to invoke a POST or PUT resource, the request fails. As another example, consider a business scope such as inventory that you have defined in the authorization server: you can map all the resources required for the inventory business to this scope.
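As an added example (not webMethods API Gateway code, and not a description of how the product implements this internally), the following Python models the mapping described above: an authorization-server scope such as readonly or inventory is mapped to one or more API Scopes, and an access token may invoke a resource only when one of its scopes maps to an API Scope that covers that API, method and resource. The API names (PetStore, Inventory), the API Scope names, the resource paths, the scope map and the token shape (a dictionary in the style of an RFC 7662 introspection response) are all constructed for this example.

```python
# Added example (not webMethods API Gateway code): a minimal model of how a
# gateway maps authorization-server scopes to API Scopes and enforces them.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Mapping


@dataclass(frozen=True)
class ApiScope:
    """An API Scope: a named subset of one API (the whole API, or some of its
    resources and methods). An empty `methods` or `paths` set means
    "every method" / "every resource" of that API.
    """
    name: str
    api: str
    methods: FrozenSet[str] = frozenset()
    paths: FrozenSet[str] = frozenset()

    def covers(self, api: str, method: str, path: str) -> bool:
        return (
            self.api == api
            and (not self.methods or method.upper() in self.methods)
            and (not self.paths or path in self.paths)
        )


# Constructed mapping: authorization-server scope -> API Scopes it unlocks.
# "readonly" grants only the GET resources of both APIs, as in the text;
# "inventory" grants every resource of the (hypothetical) Inventory API.
SCOPE_MAP: Dict[str, List[ApiScope]] = {
    "readonly": [
        ApiScope("petstore-get", "PetStore", methods=frozenset({"GET"})),
        ApiScope("inventory-get", "Inventory", methods=frozenset({"GET"})),
    ],
    "inventory": [
        ApiScope("inventory-all", "Inventory"),
    ],
}


def parse_scope_claim(scope_claim: str) -> FrozenSet[str]:
    """Split an OAuth `scope` value (space-separated, RFC 6749 section 3.3)."""
    return frozenset(scope_claim.split())


def authorize(token: Mapping, api: str, method: str, path: str,
              scope_map: Mapping[str, List[ApiScope]] = SCOPE_MAP) -> bool:
    """Decide whether `token` may invoke `method path` on `api`.

    `token` is shaped like an RFC 7662 introspection response, for example
    {"active": True, "scope": "readonly"}. The request is allowed only when
    the token is active and at least one of its scopes maps to an API Scope
    that covers the requested API, method and resource. A token that is
    inactive, has no scope claim, or carries only scopes the gateway has not
    mapped is denied (deny by default).
    """
    if not token.get("active", False):
        return False
    token_scopes = parse_scope_claim(token.get("scope", ""))
    for scope in token_scopes:
        for api_scope in scope_map.get(scope, []):
            if api_scope.covers(api, method, path):
                return True
    return False


if __name__ == "__main__":
    # The two cases from the text: a readonly token may GET but not POST.
    readonly_token = {"active": True, "scope": "readonly"}
    print("GET  /pets with readonly:", authorize(readonly_token, "PetStore", "GET", "/pets"))
    print("POST /pets with readonly:", authorize(readonly_token, "PetStore", "POST", "/pets"))
    # A business scope unlocks every resource of its API, but nothing else.
    inventory_token = {"active": True, "scope": "inventory"}
    print("POST /inventory with inventory:", authorize(inventory_token, "Inventory", "POST", "/inventory"))
    print("GET  /pets with inventory:", authorize(inventory_token, "PetStore", "GET", "/pets"))
```

When testing a gateway's scope policy, the cases worth exercising are exactly the negative ones in this model: an inactive token, a token with no scope claim, a token whose scope is not mapped to any API Scope, and a mapped scope used against a method or resource outside its API Scope. All four must be denied; a mapping that only lists what is allowed is only safe if the gateway treats everything unlisted as forbidden.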
To map a scope