Hello , I am using SAML AIW and then enabled SCIM integration with Oauth2 , the I have configured oauth related details like client_id , client_secret , token , authorize urls etc, but when I try to generate token from OKTA , I could see OKTA is not passing any scope in authorize call which is making the call to fail.
Any reason why OKTA is not sending the scope ? Is this expected? How can I send the scope from OKTA?
For custom SAML apps configured via AIW, you will need to supply the scopes parameter manually in the Authorization endpoint URI.
Here’s an example:
https://{domain}/oauth2/v1/authorize?scopes=openid offline_access
**offline_access scope is for refresh tokens if enabled
Thanks for your answer Warren.
I have setup the scopes manually after authorize call , but the scopes are being sent intermittently - any idea why it can happen like this? Sometimes the scope is added , sometimes it is going as undefined.
Also when the scope is set and when sending the authorization code back to the redirect url I am getting the below error -
“OKTA 503 Service Unavailable - Looks like we have some problems on our end. Our engineers have been notified. View our status page to check service status.”
Appreciate your help here.