Can you describe the use case? Is this request from the UMA Resource Server or an UMA Client? If you provide some more context, we may be able to point you in the right direction.

For example four scopes and lots of clients. Users login(SSO). I want to manage which user can access to my protected resource depend on their scopes. I try to use apache module, unfortunately it paused. after that try oxd-server but i get error and i create a ticket for this. finally try to get UMA scopes and information that added from oxTrust but I could not. now I want to do this, with mod_auth_openidc but its so difficult. am I in a right way ? Thank you Michael

I'm not sure which apache module you mean. If you are just trying to map scopes to policies, you may want to look at the GAT profile: - [API](https://gluu.org/docs/integrate/oauth2grants/#gluu-access-token) - [Docs Overview](https://gluu.org/docs/integrate/oauth2grants/#gluu-oauth2-access-management) Remeber, you application is the RS, and must enforce that the scopes are present and the token is not expired. The Gluu Server is the AS: it uses policies (see custom authorization interception scripts) to determine if a token with a particular scope should be issued. I hope that helps. I'm hoping we soon have some better examples of UMA and GAT token usage--I know its needed.

Oh sorry I missed this, MOD_OX is module that mentioned above. of curse it helps Michael and thanks a lot, but I want to check scopes with Apache module or other way, I don't want to change my resource server codes, just set scopes and policies, and this be check automatically. I try to use OXD or mod_auth_openidc for this purpose.

The mod_ox project was discontinued quite some time ago. Please only use our official [documentation](http://gluu.org/docs).

Thanks.