OAuth 2.0 - Client Credentials Flow + Permissions

Whenever a new OAuth Client is created in OTDS, assuming the global option is selected, are there any restrictions to the data that can be requested through the REST API? Calls to the nodes resource are not returning expected data.

Answers

  • gregory109
    edited June 28 #2

    Hello, @MikDev

    The behavior depends on how you configure your OAuth 2.0 client and the associated resource (API).

    Here are some key points to consider:

    Resource Configuration:
      • You need to create an OTDS Resource that represents your service or OAuth 2.0 resource (e.g., your RESTful API).
      • Configure the resource with the appropriate access roles and permissions.

    Access Roles:
      • Assign users (including your OAuth 2.0 client) to the access roles associated with the resource.
      • These roles determine what data the client can access.

    OAuth 2.0 Scopes:
      • Define OAuth 2.0 scopes for your resource. Scopes control the level of access granted to the client.
      • When requesting an access token, the client specifies the desired scope(s).

    Testing and Debugging:
      • Ensure that your OAuth 2.0 client is correctly configured to request the necessary scopes.
      • Test the client’s authorization flow and verify that it receives the expected access token.

    I hope this info is helpful to you.

    Best regards,
    Gregory Chavez
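
An added example (not part of the answer above and not OpenText code) of the scope check described under "Testing and Debugging": it builds the client credentials request body and compares the scopes in the token response with those requested, following RFC 6749. The scope names, client id and sample token are constructed, and that the access token is a JWT is an assumption.

```python
import base64, json
from urllib.parse import urlencode

def token_request_body(scopes):
    """Form body of a client credentials token request (RFC 6749, section 4.4.2)."""
    return urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})

def granted_scopes(requested, response):
    """RFC 6749 section 5.1: an omitted 'scope' means the request was granted as asked."""
    if "scope" not in response:
        return set(requested)
    return set(response["scope"].split())

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it (debugging only); None if opaque."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None

def check_response(requested, response):
    """Return findings that explain why API calls may return less than expected."""
    findings = []
    if response.get("token_type", "").lower() != "bearer":
        findings.append("token_type is not Bearer")
    missing = set(requested) - granted_scopes(requested, response)
    if missing:
        findings.append("scopes not granted: " + ", ".join(sorted(missing)))
    if jwt_claims(response.get("access_token", "")) is None:
        findings.append("access token is opaque; claims cannot be inspected locally")
    return findings

def _b64(obj):  # helper used only to build the constructed sample token below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: scope names, client id and token are hypothetical.
REQUESTED = ["nodes.read", "nodes.write"]
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                         _b64({"sub": "example-client", "scope": "nodes.read"}), "sig"])
SAMPLE_RESPONSE = {"access_token": SAMPLE_TOKEN, "token_type": "Bearer",
                   "expires_in": 3600, "scope": "nodes.read"}

if __name__ == "__main__":
    print(token_request_body(REQUESTED))
    print(check_response(REQUESTED, SAMPLE_RESPONSE))
```

A finding such as "scopes not granted" means the authorization server narrowed the request, which the client should treat as the effective permission set when calls return less data than expected.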

  • gregory109
    edited July 2 #3

    Hello, @MikDev

    Can you tell me whether my suggestion was helpful or not? If it works, please select it as the solution.

    Best regards,
    Gregory Chavez