Meg, please suggest.

Hello Christian, 1) I think, you forgot one step in plugin configuration i:e `Enable gluu-oauth2-client-auth protection`. Please follow the step in docs. [https://gluu.org/docs/gg/3.1.3/plugin/gui/#enable-gluu-oauth2-client-auth-protection](https://gluu.org/docs/gg/3.1.3/plugin/gui/#enable-gluu-oauth2-client-auth-protection). This is happens when you only enable gluu-oauth2-rs plugin. gluu-oauth2-rs plugin depends on gluu-oauth2-client-auth. You need to configure both plugin, [gluu-oauth2-client-auth](https://gluu.org/docs/gg/3.1.3/plugin/gui/#gluu-oauth-20-client-credential-authentication) and [gluu-oauth-rs](https://gluu.org/docs/gg/3.1.3/plugin/gui/#gluu-oauth-20-uma-rs-plugin). 2) If you already enabled gluu-oauth2-client-auth plugin, please send [kong log file](https://gluu.org/docs/gg/3.1.3/logs/). /usr/local/kong/logs/error.log Thanks, Meg

Hello Meg, Thank you for your response, this solve problem described. I have another question: I'm adding Security ("OAuth Scope Security") to my API, but I can't find a way to protect a Path that has dynamic URL. For instance, if I want to make a PUT to a table in my DB, I need to send with url the ID of row that I want to update, something like: https://../person/CipB3LxU2M. This ID is completely random, so there is no way to create exact match path to protect it. I know I can protect https://../person but for those dynamic urls relative to this path, I can't find a way to accomplish this. I found in documentation: https://gluu.org/docs/gg/plugin/gui/ - OAuth Scope Expression --path - a relative path to protect **(exact match)** --httpMethods - GET, HEAD, POST, PUT, DELETE --scope - the OAuth scope required to access the given path According to this, path must be exact. So, could you help us to find a solution for this scenario? Regards, Christian

Christian, Thank you for trying the obvious. Somehow this was missed in the development and QA process. We're going to push a fix next week. - Mike

Mike, Excellent, thank you! Regards, Christian