I have the “mod_auth_oidc” dependencies installed on Apache, which is acting as an OIDC client and is registered with the Okta API Custom Authz. server. My Apache web server acts as the OIDC relying party before it redirects the user to the actual application that is running in the backend.
When my OIDC client (the Apache web server) is configured with the full list of scopes I defined in the Authz Server, it fails with “Policy evaluation failed for this request, please check the policy configurations”. It works only when the Apache OIDC client requests the exact list of scopes assigned to the user profile.
Can Okta return only the authorized scopes, even though the client requested more scopes, instead of redirecting to an error message?