Scope being sent as empty for authorize call from OKTA for SAML AIW

Hello, I am using SAML AIW and then enabled SCIM integration with OAuth2, then I have configured OAuth-related details like client_id, client_secret, token, authorize URLs etc., but when I try to generate a token from OKTA, I could see OKTA is not passing any scope in the authorize call, which is making the call fail.

Any reason why OKTA is not sending the scope? Is this expected? How can I send the scope from OKTA?

For custom SAML apps configured via AIW, you will need to supply the scopes parameter manually in the Authorization endpoint URI.

Here’s an example:
https://{domain}/oauth2/v1/authorize?scopes=openid offline_access
**offline_access scope is for refresh tokens if enabled

Thanks for your answer Warren.

I have set up the scopes manually after the authorize call, but the scopes are being sent intermittently - any idea why it can happen like this? Sometimes the scope is added, sometimes it is going as undefined.

Also, when the scope is set and when sending the authorization code back to the redirect URL, I am getting the below error -
“OKTA 503 Service Unavailable - Looks like we have some problems on our end. Our engineers have been notified. View our status page to check service status.”

Appreciate your help here.