I have a GraphQL API published with APIM(version 3.2.0) which is protected by a scope (say a local scope named test_scope which is based on a role named test which has the API subscribe permission). I am using WSO2 IS(version 5.11.0) as an identity provider with oauth/openid connect configured. What I am trying to achieve is below
- Get the jwt token by login with /oauth2/authorize IS endpoint
- using the token from step 1 to get jwt token based on my scope (test_scope) with /oauth2/token APIM endpoint.
- using the token obtained in step 2 to access the api endpoint published with APIM
What I tried so far is using the jwt access token from step 1 to do step 2 using the following curl.
curl -i -X POST -u <CLIENT_ID>:<Client_SECRET> -k -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<JWT>' -H 'Content-Type: application/x-www-form-urlencoded' https://<IP>:<Port>/oauth2/token
When I get the token and invoked the secured API endpoint it says 'User is NOT authorized to access the Resource'. How to get the access token with required scopes to overcome this issue.
question from:
https://stackoverflow.com/questions/65839046/scope-based-access-token-with-wso2-apim 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
