OAuth Scopes#
Prerequisite: Know how to use the Janssen CLI in command-line mode
Let's get information for a task OAuthScopes
/opt/jans/jans-cli/config-cli.py --info OAuthScopes
Operation ID: get-oauth-scopes
Description: Gets list of Scopes. Optionally type to filter the scope, max-size of the result and pattern can be provided.
Parameters:
type: Scope type. [string]
limit: Search size - max size of the results to return. [integer]
pattern: Search pattern. [string]
Operation ID: post-oauth-scopes
Description: Create Scope.
Schema: /components/schemas/Scope
Operation ID: put-oauth-scopes
Description: Updates existing Scope.
Schema: /components/schemas/Scope
Operation ID: get-oauth-scopes-by-inum
Description: Get Scope by Inum
url-suffix: inum
Operation ID: delete-oauth-scopes-by-inum
Description: Delete Scope.
url-suffix: inum
Operation ID: patch-oauth-scopes-by-id
Description: Update modified attributes of existing Scope by Inum.
url-suffix: inum
Schema: Array of /components/schemas/PatchRequest
To get sample schema type /opt/jans/jans-cli/config-cli.py --schema <schma>, for example /opt/jans/jans-cli/config-cli.py --schema /components/schemas/PatchRequest
Find/View OAuth Scopes#
Operations will be done with Operation ID. Some operations may take parameters, let's retrieve 3 scopes (limit) that has view in it's description (pattern) and type openid:
/opt/jans/jans-cli/config-cli.py --operation-id get-oauth-scopes --endpoint-args limit:3,pattern:view,type:openid
```
It will return:
```
Getting access token for scope https://jans.io/oauth/config/scopes.readonly
Calling with params limit=3&pattern=view&type=openid
[
{
"dn": "inum=43F1,ou=scopes,o=jans",
"id": "profile",
"inum": "43F1",
"displayName": null,
"description": "View your basic profile info.",
"iconUrl": null,
"authorizationPolicies": null,
"defaultScope": false,
"scopeType": "openid",
"claims": [
"inum=2B29,ou=attributes,o=jans",
"inum=0C85,ou=attributes,o=jans",
"inum=B4B0,ou=attributes,o=jans",
"inum=A0E8,ou=attributes,o=jans",
"inum=5EC6,ou=attributes,o=jans",
"inum=B52A,ou=attributes,o=jans",
"inum=64A0,ou=attributes,o=jans",
"inum=EC3A,ou=attributes,o=jans",
"inum=3B47,ou=attributes,o=jans",
"inum=3692,ou=attributes,o=jans",
"inum=98FC,ou=attributes,o=jans",
"inum=A901,ou=attributes,o=jans",
"inum=36D9,ou=attributes,o=jans",
"inum=BE64,ou=attributes,o=jans",
"inum=6493,ou=attributes,o=jans"
],
"umaType": false,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": true
}
},
{
"dn": "inum=C17A,ou=scopes,o=jans",
"id": "address",
"inum": "C17A",
"displayName": null,
"description": "View your address.",
"iconUrl": null,
"authorizationPolicies": null,
"defaultScope": false,
"scopeType": "openid",
"claims": [
"inum=27DB,ou=attributes,o=jans",
"inum=2A3D,ou=attributes,o=jans",
"inum=6609,ou=attributes,o=jans",
"inum=6EEB,ou=attributes,o=jans",
"inum=BCE8,ou=attributes,o=jans",
"inum=D90B,ou=attributes,o=jans",
"inum=E6B8,ou=attributes,o=jans",
"inum=E999,ou=attributes,o=jans"
],
"umaType": false,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": true
}
},
{
"dn": "inum=764C,ou=scopes,o=jans",
"id": "email",
"inum": "764C",
"displayName": null,
"description": "View your email address.",
"iconUrl": null,
"authorizationPolicies": null,
"defaultScope": false,
"scopeType": "openid",
"claims": [
"inum=8F88,ou=attributes,o=jans",
"inum=CAE3,ou=attributes,o=jans"
],
"umaType": false,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": true
}
}
]
Create an OAuth Scope#
Let's create a scope. Remember when we queried info for a task OAuthScopes it printed:
Operation ID: post-oauth-scopes
Description: Create Scope.
Schema: /components/schemas/Scope
post-oauth-scopes. Lets get sample schema:
/opt/jans/jans-cli/config-cli.py --schema /components/schemas/Scope > /tmp/scope.json
Now edit file tmp/scope.json with an editor (like nano). As an example we just filled the following properties:
"id": "TestScopeID",
"displayName": "TestScope",
"description": "Test Scope created by jans-cli",
It is time to post the data:
/opt/jans/jans-cli/config-cli.py --operation-id post-oauth-scopes --data /tmp/scope.json
Getting access token for scope https://jans.io/oauth/config/scopes.write
Server Response:
{
"dn": "inum=112116fd-257b-40d8-a2c9-0c23536680ed,ou=scopes,o=jans",
"id": "TestScopeID",
"inum": "112116fd-257b-40d8-a2c9-0c23536680ed",
"displayName": "TestScope",
"description": "Test Scope created by jans-cli",
"iconUrl": null,
"authorizationPolicies": null,
"defaultScope": true,
"scopeType": "openid",
"claims": null,
"umaType": false,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": true
}
}
It created scope with inum 112116fd-257b-40d8-a2c9-0c23536680ed and returned current data.
Update Existing OAuth Scopes#
In case we need to update an existing OAuth Scope, we can do that as well.
To update an existing OAuth Scope, we have to create a json file with updated details. You can get the schema file as well to understand the format of the OAuth Scope JSON file.
This is an existing OAuth Scope we are going to update.
{
"dn": "inum=5c3ba3f0-d2ce-4974-9efb-883697d929d1,ou=scopes,o=jans",
"inum": "5c3ba3f0-d2ce-4974-9efb-883697d929d1",
"displayName": "TestScope",
"id": "TestScopeID",
"iconUrl": null,
"description": "TestScope for jans-cli",
"scopeType": "dynamic",
"claims": null,
"defaultScope": true,
"groupClaims": true,
"dynamicScopeScripts": null,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": false
},
"umaType": false,
"deletable": false,
"expirationDate": null
}
scopeType to openid.
The updated data:
{
"dn": "inum=5c3ba3f0-d2ce-4974-9efb-883697d929d1,ou=scopes,o=jans",
"inum": "5c3ba3f0-d2ce-4974-9efb-883697d929d1",
"displayName": "TestScope",
"id": "TestScopeID",
"iconUrl": null,
"description": "TestScope for jans-cli",
"scopeType": "openid",
"claims": null,
"defaultScope": true,
"groupClaims": true,
"dynamicScopeScripts": null,
"umaAuthorizationPolicies": null,
"attributes": {
"spontaneousClientId": null,
"spontaneousClientScopes": null,
"showInConfigurationEndpoint": false
},
"umaType": false,
"deletable": false,
"expirationDate": null
}
The command line is:
/opt/jans/jans-cli/config-cli.py --operation-id put-oauth-scopes --data /tmp/scope.json
This will updated the existing oauth scopes matched with inum value.
Patch OAuth Scopes by inum#
Let's update iconUrl with patch method. So we need a schema for the patch method. Remember when we queried info for the task OAuthScopes it printed:
Operation ID: patch-oauth-scopes-by-id
Description: Update modified attributes of existing Scope by Inum.
url-suffix: inum
Schema: Array of /components/schemas/PatchRequest
```
This means we need schema `/components/schemas/PatchRequest`, be careful it states **Array of**, so we will make an array of this schema, in case you need multiple changes with patch method, you can put as many as of this schema into array. To know more about `PatchRequest` schema, please visit this [link](config-tools/jans-cli/README.md#patch-request-schema).
Let's Get schema:
We can edit this json as follows (remember to make it an array):
Let's do the operation:
Getting access token for scope https://jans.io/oauth/config/scopes.write Server Response: { "dn": "inum=112116fd-257b-40d8-a2c9-0c23536680ed,ou=scopes,o=jans", "id": "TestScopeID", "inum": "112116fd-257b-40d8-a2c9-0c23536680ed", "displayName": "TestScope", "description": "Test Scope created by jans-cli", "iconUrl": "https://www.jans.io/icon.png", "authorizationPolicies": null, "defaultScope": true, "scopeType": "openid", "claims": null, "umaType": false, "umaAuthorizationPolicies": null, "attributes": { "spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": true } }
## Find OAuth Scopes by `inum`
In case We know the `inum` value of an OAuth Scope, We can get the details of that scope.
We can see that, the `url-suffix` here for `inum` value. And the command line is:
For example:
It returns the details of the scope matched with the `inum` value.
That's it.
## Delete OAuth Scopes by `inum`
You can delete any OAuth Scopes by its `inum` value.
The command line is:
Just change the inum value to your own according to which one you want to delete.
Last update:
2023-08-03
Created: 2021-04-22
Created: 2021-04-22
