Question: The authorization request which is sent to Identify contains the scope: openid. However the Identify returns the error code: invalid_scope like this sample:
1 2 3 4 |
error invalid_scope error_description The authorization request contains invalid scope(s): openid state CfDJ8M-Mjp1lwb5JpWbxG-K_LT3RnSn39Q_GLXRIve4weByj-kacbP9eT5IcFKR9pliCwbiNNR4Z0M-kxeCcwPOne3R2zawCwuC4f9Kvsiu9-IvTWl9GiXVqdX7jDLivRoaYFFZv_7MPcvO97vYmge8f5EHSVB9HSQQmdODWOwT6bVq3m4cswdQw29MuUmvnfLF7n2BCtmprOHoPsq5FYJYw8oijALe-reztdKWo4P7ae5leAumqpvDWmG9lbuAfiE4pBwTYI2p1OyB39PW-M1tksjWkxtIXK_DALv5Bj9gdi4xV error_uri https://identifyv55.safewhere.local/runtime/plugin/malf[custom-related-posts title="Related Posts" none_text="None found" order_by="title" order="ASC"]ormedrequest |
What could be going wrong here?
Answer: "openid" is the special scope to define the current OAuth2.0 SP is the OpenID Connect. Please verify the OAuth2.0 protocol connection setup and enable the setting: "Use as OpenID Connect" is enable
Question: The authorization request which is sent to Identify contains the standard scopes, e.g email profile. However the Identify returns the error code: invalid_scope like this sample:
1 2 3 4 |
error invalid_scope error_description The authorization request contains invalid scope(s): email,profile state CfDJ8M-Mjp1lwb5JpWbxG-K_LT2RA_EAARNIgbMQ2jwqQJqyPFJ7N-qbc8lEMUjkwzPPgE8Rnw53EooScPBAdJBxz9slV958q_dNNRHYUNgAGvh5C1p0wP7XI1ZLlGentewOlA5wmjI7nG55DKtoBApeqJPbmmLq3l6v8LbXZf6QwYy_0Ba8NCtYnCrrQautOSltQ6aFVJ_UemtQWQSEBJapSNV-0ewAFmWLr_nyGyCCjGv3TeIlED7KgjhJj2EXvSBIVsHDAQXUG4QgQetD3aeEZAC5wlt1HI118ZAmJ5cqM2my error_uri https://identifyv55.safewhere.local/runtime/plugin/malformedrequest |
What could be going wrong here?
Answer: You need to verify if you add those scopes to your OAuth2.0 protocol connection or not. If not, you can add it via the "Scopes for consent" section by clicking Add button and fill the required value (the code value must be your scope name)
here is its UI at SafewhereAdmin when you open the OpenID:
For more explanation for the scope UI, please refer: http://docs.safewhere.com/identify-add-protocal-connection/