OAuth2.0/OpenID Connect

Question: The authorization request which is sent to Identify contains the scope: openid. However the Identify returns the error code: invalid_scope like this sample:

error invalid_scope
error_description The authorization request contains invalid scope(s): openid
state CfDJ8M-Mjp1lwb5JpWbxG-K_LT3RnSn39Q_GLXRIve4weByj-kacbP9eT5IcFKR9pliCwbiNNR4Z0M-kxeCcwPOne3R2zawCwuC4f9Kvsiu9-IvTWl9GiXVqdX7jDLivRoaYFFZv_7MPcvO97vYmge8f5EHSVB9HSQQmdODWOwT6bVq3m4cswdQw29MuUmvnfLF7n2BCtmprOHoPsq5FYJYw8oijALe-reztdKWo4P7ae5leAumqpvDWmG9lbuAfiE4pBwTYI2p1OyB39PW-M1tksjWkxtIXK_DALv5Bj9gdi4xV
error_uri https://identifyv55.safewhere.local/runtime/plugin/malf[custom-related-posts title="Related Posts" none_text="None found" order_by="title" order="ASC"]ormedrequest

error invalid_scope

error_description The authorization request contains invalid scope(s): openid

state CfDJ8M-Mjp1lwb5JpWbxG-K_LT3RnSn39Q_GLXRIve4weByj-kacbP9eT5IcFKR9pliCwbiNNR4Z0M-kxeCcwPOne3R2zawCwuC4f9Kvsiu9-IvTWl9GiXVqdX7jDLivRoaYFFZv_7MPcvO97vYmge8f5EHSVB9HSQQmdODWOwT6bVq3m4cswdQw29MuUmvnfLF7n2BCtmprOHoPsq5FYJYw8oijALe-reztdKWo4P7ae5leAumqpvDWmG9lbuAfiE4pBwTYI2p1OyB39PW-M1tksjWkxtIXK_DALv5Bj9gdi4xV

error_uri https://identifyv55.safewhere.local/runtime/plugin/malf[custom-related-posts title="Related Posts" none_text="None found" order_by="title" order="ASC"]ormedrequest

What could be going wrong here?

Answer: “openid” is the special scope to define the current OAuth2.0 SP is the OpenID Connect. Please verify the OAuth2.0 protocol connection setup and enable the setting: “Use as OpenID Connect” is enable

Question: The authorization request which is sent to Identify contains the standard scopes, e.g email profile. However the Identify returns the error code: invalid_scope like this sample:

error invalid_scope
error_description The authorization request contains invalid scope(s): email,profile
state CfDJ8M-Mjp1lwb5JpWbxG-K_LT2RA_EAARNIgbMQ2jwqQJqyPFJ7N-qbc8lEMUjkwzPPgE8Rnw53EooScPBAdJBxz9slV958q_dNNRHYUNgAGvh5C1p0wP7XI1ZLlGentewOlA5wmjI7nG55DKtoBApeqJPbmmLq3l6v8LbXZf6QwYy_0Ba8NCtYnCrrQautOSltQ6aFVJ_UemtQWQSEBJapSNV-0ewAFmWLr_nyGyCCjGv3TeIlED7KgjhJj2EXvSBIVsHDAQXUG4QgQetD3aeEZAC5wlt1HI118ZAmJ5cqM2my
error_uri https://identifyv55.safewhere.local/runtime/plugin/malformedrequest

error invalid_scope

error_description The authorization request contains invalid scope(s): email,profile

state CfDJ8M-Mjp1lwb5JpWbxG-K_LT2RA_EAARNIgbMQ2jwqQJqyPFJ7N-qbc8lEMUjkwzPPgE8Rnw53EooScPBAdJBxz9slV958q_dNNRHYUNgAGvh5C1p0wP7XI1ZLlGentewOlA5wmjI7nG55DKtoBApeqJPbmmLq3l6v8LbXZf6QwYy_0Ba8NCtYnCrrQautOSltQ6aFVJ_UemtQWQSEBJapSNV-0ewAFmWLr_nyGyCCjGv3TeIlED7KgjhJj2EXvSBIVsHDAQXUG4QgQetD3aeEZAC5wlt1HI118ZAmJ5cqM2my

error_uri https://identifyv55.safewhere.local/runtime/plugin/malformedrequest

What could be going wrong here?

Answer: You need to verify if you add those scopes to your OAuth2.0 protocol connection or not. If not, you can add it via the “Scopes for consent” section by clicking Add button and fill the required value (the code value must be your scope name)

here is its UI at SafewhereAdmin when you open the OpenID:

For more explanation for the scope UI, please refer: http://docs.safewhere.com/identify-add-protocal-connection/

Products

OAuth2.0/OpenID Connect – FAQ

Recent Posts