By: Eckhard Lehmann user 16 Oct 2019 at 4:56 a.m. CDT

6 Responses
#### Expected behaviour

When I register a client **dynamically** via a POST request to https://<my_gluu_address>/oxauth/restv1/register, I want to set the scope field to a string list with scopes that my client should support. Furthermore, I want to set the grant_types and include "password". The corresponding JSON request body includes something like

```
{
  ...
  "grant_types": [ ..., "password" ],
  "scope": "openid profile user_name",
  ...
}
```

The resulting client should have the scope values set to the list "openid", "profile", "user_name" (all are predefined). The Grant Types section should include the "password" item.

#### Actual behaviour

The resulting client has its scope set to the list of following items: "openid", "permission", "oxd", "uma_protection". The Grant Types section does not include the "password" item. This is reflected in the response like:

```
{
  ...
  "grant_types": [ ..., (no "password") ],
  "scope": "openid permission oxd uma_protection",
  ...
}
```

By Mohib Zico staff 18 Oct 2019 at 9:28 a.m. CDT

I will test it as soon as I can manage some time. Thanks for your report!

By Eckhard Lehmann user 21 Oct 2019 at 3:09 a.m. CDT

Thanks. Here is the JSON that I used, for your convenience:

```
{
  "redirect_uris": ["http://ocalhost:8080/login/oauth2/code/gluu"],
  "post_logout_redirect_uris": ["http://localhost:8080/logout"],
  "rpt_as_jwt": false,
  "access_token_as_jwt": true,
  "access_token_signing_alg": "RS256",
  "response_types": [ "code", "token", "id_token" ],
  "grant_types": [ "authorization_code", "refresh_token", "client_credentials", "password" ],
  "application_type": "web",
  "client_name": "Dynamically registered test client",
  "subject_type": "public",
  "token_endpoint_auth_method": "client_secret_basic",
  "id_token_signed_response_alg": "none",
  "default_max_age": "300",
  "require_auth_time": false,
  "frontchannel_logout_session_required": "false",
  "scope": "openid user_name profile email"
}
```

I used curl to perform the request, like so:

```
curl -v -X POST https://gluu-local/oxauth/restv1/register \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d @/path/to/the/above/data.json
```

By Dzouato Djeumen Rolain Bonaventure staff 30 Oct 2019 at 2:37 p.m. CDT

Hello Eckhard,

Please go to `Configuration` > `JSON Configuration` > `oxAuth Configuration` and make sure that the option `dynamicGrantTypeDefault` has `password` selected. By default, the `password` grant type is disabled for dynamic client registration.

Thanks.

By Eckhard Lehmann user 06 Nov 2019 at 2:22 a.m. CST

Hello,

> Please go to Configuration > JSON Configuration > oxAuth Configuration and make sure that the option dynamicGrantTypeDefault has password selected. By default, the password grant type is disabled for dynamic client registration.

Thanks, that worked :). But the other issue with the scope is still open... or is it possible to configure that as well?

By Dzouato Djeumen Rolain Bonaventure staff 06 Nov 2019 at 5:25 a.m. CST

Hello, Let me look into the scope issue.

By Dzouato Djeumen Rolain Bonaventure staff 06 Nov 2019 at 10:02 a.m. CST

I have looked into the scope issue. Let's start with the why. Scopes in Gluu Server have a flag which indicates if they are a default scope. Default scopes are added (by default) during dynamic scope creation. Right now, we do not have an option on the oxTrust UI to change that, but I'll surely ask around. That said, the flag can be turned off.

1. Use an LDAP client of your choice (I use jXplorer) and connect to the LDAP server on your Gluu Server Instance.
2. Identify the `scopes` leaf under the `gluu` leaf.
3. Search for scopes with `defaultScope` set to `true` and then change the `defaultScope` to `false`.

Thanks for your patience.
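
A client-side check for the mismatch discussed in this thread, as an added example that is not part of any post or of Gluu's own code: it compares a dynamic registration request with the server's response and reports every scope or grant type the server dropped or added. The response body is constructed from the values quoted in the first post, and `diff_registration` is a hypothetical helper name.

```python
import json


def _as_set(value):
    """'scope' is a space-delimited string; 'grant_types' is a JSON array."""
    if value is None:
        return set()
    if isinstance(value, str):
        return set(value.split())
    return set(value)


def diff_registration(requested, granted,
                      fields=("scope", "grant_types", "response_types")):
    """Return, per field, what the server dropped from or added to the request."""
    report = {}
    for field in fields:
        want = _as_set(requested.get(field))
        got = _as_set(granted.get(field))
        if want != got:
            report[field] = {"dropped": sorted(want - got),
                             "added": sorted(got - want)}
    return report


# Request fields taken from the JSON posted in the thread.
REQUESTED = json.loads("""{
  "response_types": ["code", "token", "id_token"],
  "grant_types": ["authorization_code", "refresh_token",
                  "client_credentials", "password"],
  "scope": "openid user_name profile email"
}""")

# Constructed response: scope as reported in the first post, grant_types
# assumed to be the requested list minus "password".
GRANTED = json.loads("""{
  "response_types": ["code", "token", "id_token"],
  "grant_types": ["authorization_code", "refresh_token", "client_credentials"],
  "scope": "openid permission oxd uma_protection"
}""")

if __name__ == "__main__":
    for field, delta in diff_registration(REQUESTED, GRANTED).items():
        print(f"{field}: dropped={delta['dropped']} added={delta['added']}")
```

Running the same comparison after changing `dynamicGrantTypeDefault` or the `defaultScope` flags shows whether the server now returns exactly what was requested, and flags any scope granted to the client that it never asked for.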