I am trying to attempt client credential workflow to have auth token issued for application who comes with application id and secret and scope.
- Create list of application App1,App2 and app3
- Create groups and associate apps with these groups like below;
*App1 - Private Group
App1, App2 - Public
App1, App3 - Custom
created auth server and created custom scopes…
assign these scopes to groups under Policies in Authserver(Security->API->Auth server)
5.client chosen as all client (apps) since it was associated under Groups.
- this rule scope association with group is not working. it always returning token presented in part of the rules instead of checking valid association with groups and apps.
Just a note: I created two different approach:
- individual policy and indiv rule for each application by choosing specific clients - it is working
- individual policy and indiv rule for each scope or group by choosing All clients - it is not working
also, i am using trial account for trying this POC.
Please help and advice me best approach