Viewing Scope Mapping Details

You must have the manage security configurations functional privilege assigned to manage scopes.

You can view scope details, and modify them as required, from the OAuth/OpenID scopes page.

To view scope mapping details

  1. Expand the menu options icon in the title bar, and select OAuth/OpenID scopes.
    A list of available scopes appears. Use the Show drop-down list at the bottom of the page to set the maximum number of scopes you want to display on a page. Details such as the name and description of each scope are displayed in a table. You can delete a scope by clicking the delete icon.
  2. Click a scope.
    The scope details page appears. This page displays details such as the authorization server name, the server scope, the API scopes that are linked to the server scope, and the API scope details, such as the API with which the scope is associated, the description of the API, and the API version number.
    You can modify the scope by clicking the Edit button and modifying the required values.
    Note: You can edit or delete the APIs from the scope mapping, only if the APIs are assigned to your team(s).

Customizing Resource Access Approval Page

You can customize the Resource access approval page that appears when you request an access token using a REST client. You can modify the contents of the page, such as the page title, logo, footer, and so on, to establish your brand among your users.

The Resource access approval page displays the scopes mapped to the application that is used to invoke an API. As a resource owner, you can select a scope for the incoming request and approve the access token.

To customize the Resource access approval page

  1. Navigate to InstallDir\IntegrationServer\instances\default\packages\WmAPIGateway\pub.
  2. Open the OAuth_Approval.html file in a text editor.
  3. Edit the values of the following variables in the file as per the requirements:
    Variable Name / Description

    approvalpg_hostport

    Specifies the protocol, host and port details that are used to access the approval page. For example:

    http://localhost:5555

    where http is the protocol, localhost is the host name, and 5555 is the port number.

    approvalpg_title

    Specifies the title of the approval page. The default value of this variable is the value specified for the following watt property:

    watt.server.oauth.approvalpage.title

    You can edit the title as per your requirements by changing the value of this watt property from Integration Server.

    approvalpg_logo_filename

    Specifies the location of the logo displayed in the page header. The default location is the location specified for the following watt property:

    watt.server.oauth.approvalpage.logo

    You can edit the logo as per your requirements by changing the value of this watt property to the logo file location.

    approvalpg_heading

    Specifies the page header. The default value of this variable is the value specified for the following watt property:

    watt.server.oauth.approvalpage.header

    You can edit the header as per your requirements by changing the value of this watt property in Integration Server.

    approvalpg_footer

    Specifies the page footer. The default value of this variable is the value specified for the following watt property:

    watt.server.oauth.approvalpage.footer

    You can edit the footer as per your requirements by changing the value of this watt property in Integration Server.

    The following table lists the predefined fields that are used internally by webMethods API Gateway. You cannot modify these values.

    Fields                  Description
    client_id               Client Id of the strategy.
    redirect_uri            Redirect URI of the strategy.
    Scope                   Scope of the authorization server.
    State                   State parameter in the auth code flow.
    response_type           Response type parameter in the OAuth2 flow.
    code_challenge          Code challenge used in the PKCE flow.
    code_challenge_method   Code challenge method used in the PKCE flow.
    X-CSRF-TOKEN            CSRF token generated.
    client_name             Strategy name.
    Version                 Strategy version.
    scopeName               Scope name of the authorization server.

  4. Save the changes and refresh the Resource access approval page.
    The page appears as per your customization.
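
A post-edit check for the procedure above, as an added example that is not part of the product documentation: it diffs a backup of OAuth_Approval.html against the customized copy and reports every changed line that is not an approvalpg_* assignment, singling out lines that touch the predefined fields. The sample HTML is constructed and does not reproduce the shipped file; the function name and the one-assignment-per-line layout are assumptions.

```python
import difflib
import re

# Names from the page's predefined-fields table, matched case-insensitively.
PREDEFINED_FIELDS = ["client_id", "redirect_uri", "scope", "state",
                     "response_type", "code_challenge", "code_challenge_method",
                     "X-CSRF-TOKEN", "client_name", "version", "scopeName"]
FIELD_RE = re.compile(
    r"(?<![\w-])(?:" + "|".join(map(re.escape, PREDEFINED_FIELDS)) + r")(?![\w-])",
    re.IGNORECASE)
EDITABLE_MARK = "approvalpg_"  # prefix of the variables the page says to edit


def review_customization(baseline: str, edited: str):
    """List (severity, change, line) for each changed line that is not an
    approvalpg_* assignment. Assumes one variable assignment per line."""
    findings = []
    for entry in difflib.ndiff(baseline.splitlines(), edited.splitlines()):
        tag, line = entry[:2], entry[2:].strip()
        if tag not in ("- ", "+ ") or not line or EDITABLE_MARK in line:
            continue  # unchanged, diff hint, blank, or documented variable
        severity = "predefined-field" if FIELD_RE.search(line) else "unexpected"
        findings.append((severity, "removed" if tag == "- " else "added", line))
    return findings


# Constructed sample, NOT the shipped OAuth_Approval.html (layout is assumed).
BASELINE = """\
<script>
var approvalpg_title = "Resource access approval";
var approvalpg_footer = "";
</script>
<form method="post">
<input type="hidden" name="client_id" value="">
<input type="hidden" name="X-CSRF-TOKEN" value="">
</form>
"""
# Only a documented variable changed: expected to pass with no findings.
GOOD = BASELINE.replace('"Resource access approval"', '"Example Corp API access"')
# The CSRF field was lost while adding markup: expected to be reported.
BAD = GOOD.replace('<input type="hidden" name="X-CSRF-TOKEN" value="">',
                   "<p>Need help? Ask the portal team.</p>")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, review_customization(BASELINE, text) or "no findings")
```

Keep a copy of the file from before step 3 as the baseline, and treat any predefined-field finding as a reason to restore that copy before saving.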