I have two services, A and B, and I want to create an access policy that allows service A to access service B only if A is in an allowed group.
I created a policy like this, assigned to all clients:
IF Grant type is client credentials
and User is Assigned the app and a member of one of the following Services Allowed to B Group
and scopes service_b
But even though service A isn't in the Services Allowed to B Group, it can still generate a token.
Is there another policy on your authorization server? I think what is happening is that the policy doesn’t match, so it is going to the next one (and that one matches).
I need a little more information about your config. Also, another quick check is to make sure that the authorization server is the one where your policy is specified.
I have a similar issue.
All the requested scopes end up in the token irrespective of the groups the user is member of.
Looks like the Rule dialog box is broken. In the demo videos I saw, the image shows "AND Scopes requested" replaced by "THEN Grant these scopes".
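To make the two behaviours discussed in this thread concrete (the reply's hypothesis that a non-matching policy falls through to a later, more permissive one, and the later report that requested scopes reach the token regardless of group membership), here is a small Python model of ordered access-policy evaluation for the client_credentials grant. This is an added example written for this thread, not Okta's evaluation engine or any vendor API: the `Client`/`Rule`/`Policy` shapes, the first-match semantics, the fall-through to the next policy, and the group and scope names are all assumptions chosen to illustrate the point.

```python
"""Toy model of ordered access-policy evaluation on an OAuth 2.0 authorization
server (client_credentials grant).  Added example for illustration only; the
policy/rule shape, first-match semantics and fall-through behaviour are
assumptions, not a description of any vendor's implementation."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Client:
    client_id: str
    groups: frozenset = frozenset()          # groups the client is a member of


@dataclass
class Rule:
    name: str
    grant_types: frozenset                   # e.g. {"client_credentials"}
    required_groups: Optional[frozenset] = None  # None: no group condition
    scopes: frozenset = frozenset()          # scopes this rule is allowed to grant


@dataclass
class Policy:
    name: str
    assigned_clients: Optional[frozenset] = None  # None: assigned to all clients
    rules: list = field(default_factory=list)


def rule_matches(rule: Rule, client: Client, grant_type: str) -> bool:
    """A rule matches when the grant type is allowed and, if the rule has a
    group condition, the client is in at least one of the required groups."""
    if grant_type not in rule.grant_types:
        return False
    if rule.required_groups is not None and not (client.groups & rule.required_groups):
        return False
    return True


def evaluate(policies, client, grant_type, requested_scopes):
    """Walk policies in order; the first matching rule decides.
    Assumption modelled here (the reply's hypothesis): a policy whose rules all
    fail to match is skipped and evaluation falls through to the next policy.
    Only scopes permitted by the matched rule are granted, never every requested
    scope.  Returns (decision, granted_scopes, reason)."""
    requested = frozenset(requested_scopes)
    for policy in policies:
        if policy.assigned_clients is not None and client.client_id not in policy.assigned_clients:
            continue
        for rule in policy.rules:
            if rule_matches(rule, client, grant_type):
                granted = requested & rule.scopes
                if not granted:
                    return ("deny", frozenset(), f"{policy.name}/{rule.name}: no permitted scope")
                return ("allow", granted, f"{policy.name}/{rule.name}")
    return ("deny", frozenset(), "no matching rule in any policy")


# --- constructed scenario (assumed names) -----------------------------------
GROUP = "Services Allowed to B Group"
service_a = Client("service_a")                          # NOT in the group
service_c = Client("service_c", frozenset({GROUP}))      # in the group

group_policy = Policy("Service B access", None, [
    Rule("allow group members", frozenset({"client_credentials"}),
         frozenset({GROUP}), frozenset({"service_b"}))])

# Misconfiguration: a permissive policy with no group condition sits after the
# restrictive one, so a client that fails the group check still gets a token.
catch_all = Policy("Default", None, [
    Rule("any client", frozenset({"client_credentials"}), None,
         frozenset({"service_b", "openid"}))])


def misconfigured():
    return evaluate([group_policy, catch_all], service_a, "client_credentials", ["service_b"])


def fixed():
    # Remove (or move before) the catch-all: service_a now matches no rule.
    return evaluate([group_policy], service_a, "client_credentials", ["service_b"])


def member():
    # A group member asking for an extra scope only receives the rule's scopes.
    return evaluate([group_policy], service_c, "client_credentials", ["service_b", "admin"])


if __name__ == "__main__":
    print("misconfigured:", misconfigured())
    print("fixed:        ", fixed())
    print("member:       ", member())
```

Running it shows `misconfigured()` allowing service_a via `Default/any client`, `fixed()` denying it with "no matching rule in any policy", and `member()` granting only `service_b` even though `admin` was requested. The practical check this suggests, when a policy appears to be ignored, is to list every policy on the authorization server in priority order and look for a later rule with no group condition.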