By: Mohamad Taheri user 07 Jul 2016 at 10:09 a.m. CDT

6 Responses
Mohamad Taheri gravatar
Hello How to use UMA API? The documentation is not complete. I'm always faced with this error: {"error":"invalid_client_scope","error_description":"The requested scope is invalid, unknown, or malformed."} this is my request url, header and body: REQUEST URL: https://accounts.borvelt-tech.loc/oxauth/seam/resource/restv1/requester/perm HEADERS: Authorization: Bearer d0712a56-7112-4e6d-92b2-27d8540b1417 Host: accounts.borvelt-tech.loc Content-Type: application/json BODY: {} thanks

By Michael Schwartz Account Admin 07 Jul 2016 at 12:28 p.m. CDT

Michael Schwartz gravatar
Can you describe the use case? Is this request from the UMA Resource Server or an UMA Client? If you provide some more context, we may be able to point you in the right direction.

By Mohamad Taheri user 07 Jul 2016 at 3:16 p.m. CDT

Mohamad Taheri gravatar
For example four scopes and lots of clients. Users login(SSO). I want to manage which user can access to my protected resource depend on their scopes. I try to use apache module, unfortunately it paused. after that try oxd-server but i get error and i create a ticket for this. finally try to get UMA scopes and information that added from oxTrust but I could not. now I want to do this, with mod_auth_openidc but its so difficult. am I in a right way ? Thank you Michael

By Michael Schwartz Account Admin 07 Jul 2016 at 5:40 p.m. CDT

Michael Schwartz gravatar
I'm not sure which apache module you mean. If you are just trying to map scopes to policies, you may want to look at the GAT profile: - [API](https://gluu.org/docs/integrate/oauth2grants/#gluu-access-token) - [Docs Overview](https://gluu.org/docs/integrate/oauth2grants/#gluu-oauth2-access-management) Remeber, you application is the RS, and must enforce that the scopes are present and the token is not expired. The Gluu Server is the AS: it uses policies (see custom authorization interception scripts) to determine if a token with a particular scope should be issued. I hope that helps. I'm hoping we soon have some better examples of UMA and GAT token usage--I know its needed.

By Mohamad Taheri user 08 Jul 2016 at 12:13 a.m. CDT

Mohamad Taheri gravatar
Oh sorry I missed this, MOD_OX is module that mentioned above. of curse it helps Michael and thanks a lot, but I want to check scopes with Apache module or other way, I don't want to change my resource server codes, just set scopes and policies, and this be check automatically. I try to use OXD or mod_auth_openidc for this purpose.

By William Lowe user 08 Jul 2016 at 9:57 a.m. CDT

William Lowe gravatar
The mod_ox project was discontinued quite some time ago. Please only use our official [documentation](http://gluu.org/docs).

By Mohamad Taheri user 08 Jul 2016 at 10:09 a.m. CDT

Mohamad Taheri gravatar
Thanks.