Managing Scopes
A scope defines the services the client can access on behalf of the resource owner. A scope consists of a name and one or more services. If access is granted for a scope, then access is granted for all the services in that scope. When a request is made, IBM® webMethods Integration verifies that the scope is defined for a client. The client is allowed to access only the service URLs that are specified for the scope. If the requested scope is not defined, IBM webMethods Integration returns an error indicating that the scope is invalid.
Note: You cannot delete a scope that is used by a client. Also, a scope cannot be deleted if it is
associated with an existing token. Users who have the required permission can create, edit, and
delete scopes.
Adding a Scope
- From the IBM webMethods Integration navigation bar, click on the profile icon located at the top-right corner of the home screen and select Settings > OAuth 2.0 > Scope Management > Add New Scope.
- On the Add New Scope dialog box, complete the following fields. Required fields are marked with an asterisk on the screen.
| Field | Description |
|---|---|
| Name | Type a unique name for the scope. You cannot modify the scope name after a scope is saved. Scope names are not case-sensitive. |
| Description | Type a description of the scope. |
| Service URLs | This field appears once you have added the exposed Flow services and REST Resources. You can
select both Flow services and REST Resources. A Service URL is a relative URL and it must
start with /integration. For example, if the absolute URL is https://sub-domain.domain
name/integration/rest/external/integration/run/development/projectID/flowservicename,
then the Service URL is
integration/rest/external/integration/run/development/fl1deb3b8565a30f0d557919/flow1. For REST APIs, if the absolute URL is /integration/restv2/development/projectID/RESTAPIName/ResourceName, then the Service URL is /integration/restv2/development/fl1deb3b8565a30f0d557919/customswagger/rad. Note: If a REST API
request URL has the following path variable: /abc/{pathvariable} and when you define the
scope using this REST API, specify the value of the scope as /abc/*.
|
| Services | Click Add New Service to select the services that the client can access on behalf of
the resource owner for executing the Flow services and REST Resources. Select the exposed Flow
services and REST Resources that you want to add as Service URLs from the listed projects. The
services dialog box displays the exposed Flow services and REST Resources available in all projects,
that is, in custom projects and in the Default project. Note: You can search by the project name,
Flow Service name, or by the REST API name. The search function works for Flow services and REST
APIs only after you have expanded the Flow services or REST API nodes in that project. It is
recommended to first search for the project and then search for the Flow services and REST APIs in
that project. In the services dialog box, select the exposed Flow services and REST APIs that you
want to add as service URLs, and then click Add or Update to add or update the
respective service URLs to that scope.
|