Map the defined scope in the authorization server to APIs in webMethods API Gateway to authorize access tokens for
protected resources. You can map either a complete API or parts (resources or methods) of an API to
the scope.
About this task
For example, if you have defined a scope named readonly in an external authorization server, access
tokens carrying that scope should be limited to GET resources. To enforce this, create an API Scope
covering the GET resources of one API or of several APIs, and map the readonly scope to those
API Scopes. A token with the readonly scope can then invoke only those GET resources; an attempt to
invoke a POST or PUT resource fails. As another example, you can map a business scope that you have
defined in the authorization server, such as inventory, to all the resources that the inventory
business requires.
You must have the Manage security configurations functional privilege assigned to manage
scopes.
Procedure
- Open the menu options and select OAuth/OpenID scopes.
- Click Map scope.
- Provide the information in the Authorization server scope section:
Field | Description
Select authorization server scope | The scope defined in the authorization server. Type a search word and select the required scope from the populated search list.
Name | The name of the selected authorization server scope. It is populated by default and is not editable.
Description | A brief description of the scope being mapped.
Audience | A value or URI identifying the intended recipient of the authorization server scope. The application that receives the token verifies that the audience value is correct and rejects any token intended for a different audience.
- Click API scopes.
- Specify an API scope to link to the authorization server scope, or type a search word and
select the required API scope from the populated search list. The API scopes you add are listed in
the Selected API scopes table; click the delete icon in the corresponding column to remove an API
scope from the list.
- Click Save.
This maps the authorization server scope to the selected API scopes, and the mapped scope appears
in the scopes list.
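The following Python model shows what the mapping created above enforces at request time: a token carrying the readonly scope reaches only the GET resources covered by the mapped API scopes, the inventory scope reaches the resources of its business, and a token whose audience does not match the mapped Audience value is rejected. This is an added illustration, not webMethods API Gateway code; the API_SCOPES and SCOPE_MAPPINGS tables, the Token class, the authorize and path_matches functions, and the audience URI are constructed assumptions for the example.

```python
"""Model of scope-mapping enforcement (added illustration, not API Gateway code).

Assumptions: an API scope is a set of (API, HTTP method, resource template)
tuples; an authorization-server scope maps to a set of API scopes plus the
audience that tokens carrying it must name.
"""
from dataclasses import dataclass

# Constructed sample data: API scopes and the resources/methods they cover.
API_SCOPES = {
    "inventory-read": {("InventoryAPI", "GET", "/items"), ("InventoryAPI", "GET", "/items/{id}")},
    "orders-read": {("OrdersAPI", "GET", "/orders")},
    "inventory-write": {("InventoryAPI", "POST", "/items"), ("InventoryAPI", "PUT", "/items/{id}")},
}

# Constructed sample data: authorization-server scope -> mapped API scopes and audience.
SCOPE_MAPPINGS = {
    "readonly": {"api_scopes": {"inventory-read", "orders-read"}, "audience": "https://api.example.com"},
    "inventory": {"api_scopes": {"inventory-read", "inventory-write"}, "audience": "https://api.example.com"},
}


@dataclass(frozen=True)
class Token:
    """The claims of a validated access token that matter here: scope and aud."""
    scopes: frozenset
    audience: str


def path_matches(template, path):
    """Match a concrete request path against a resource template such as /items/{id}."""
    t_parts = template.strip("/").split("/")
    p_parts = path.strip("/").split("/")
    if len(t_parts) != len(p_parts):
        return False
    for t, p in zip(t_parts, p_parts):
        is_param = t.startswith("{") and t.endswith("}")
        if not (is_param and p) and t != p:  # a {param} matches any non-empty segment
            return False
    return True


def resources_for_scope(scope):
    """Resolve an authorization-server scope to the (api, method, path) set it unlocks."""
    mapping = SCOPE_MAPPINGS.get(scope)
    if mapping is None:
        return set()  # a scope with no mapping grants nothing
    resources = set()
    for api_scope in mapping["api_scopes"]:
        resources |= API_SCOPES.get(api_scope, set())
    return resources


def authorize(token, api, method, path):
    """Decide whether the token may invoke (api, method, path); returns (allowed, reason)."""
    mapped = {s: SCOPE_MAPPINGS[s] for s in token.scopes if s in SCOPE_MAPPINGS}
    # Audience check first: a token minted for a different audience is rejected outright.
    for scope, mapping in mapped.items():
        if mapping["audience"] != token.audience:
            return False, f"token audience '{token.audience}' is not the audience mapped for scope '{scope}'"
    method = method.upper()
    for scope in sorted(mapped):
        for res_api, res_method, res_path in resources_for_scope(scope):
            if res_api == api and res_method == method and path_matches(res_path, path):
                return True, f"scope '{scope}' covers {method} {api} {res_path}"
    return False, f"no mapped scope in token covers {method} {api} {path}"


if __name__ == "__main__":
    readonly = Token(frozenset({"readonly"}), "https://api.example.com")
    for req in [("InventoryAPI", "GET", "/items/42"), ("InventoryAPI", "POST", "/items")]:
        print(req, authorize(readonly, *req))
```

The decision order matters: the audience of the token is checked before any resource lookup, so a token that carries the right scope name but was issued for another audience is refused even for a resource the scope would otherwise cover. Scopes that have no mapping in the gateway are simply ignored, which is why an unmapped scope such as admin grants no access.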