Oauth Scope Check

Question

I've got a access_token from my BigIP Oauth Authorization Server for grant_type as client_credentials with invalid scope. As you can see from the response from /introspect, both scope and scope_data is empty. I am wondering why the Oauth Scope Check in the Per-Request-Policy is still evaluated as Allow (subsession.oauth.scope.last.authresult == 1)? Should it give Deny as the evaluation result for this Per-Request-Policy? Is it possible for me to manually check the size of "scope_data" in that response in when ACCESS_PER_REQUEST_AGENT_EVENT if size of that array is &lt; 1, I'd like manually reset subsession.oauth.scope.last.authresult to 0oauth scope check to /f5-oauth2/v1/introspect has following response:

{

&nbsp; "active":true,

&nbsp; "client_id":"68ebc48eb2a84a096e8589eb141900505686049f7743c05d",

&nbsp; "username":"/Common/oauthas-ap.vsasdao",

&nbsp; "token_type":"Bearer",

&nbsp; "exp":1573213401,

&nbsp; "iat":1573209801,

&nbsp; "nbf":1573209501,

&nbsp; "sub":"/Common/oauthas-ap.vsasdao",

&nbsp; "scope":"",

&nbsp; "scope_data":[

&nbsp; ]

}

jian_lin · Answer

you my try subsession.oauth.scope.last.introspect.scope_data.id to and &nbsp;subsession.oauth.scope.last.scope_data.parsed.(value from last command)

jian_lin · Answer

there is empty in your scope valid response (in scope data )

Forum Discussion

Oauth Scope Check

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Transaction looks successful but file not downloading

Related Content

Basic OAuth concept and OAuth with F5 solutions

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

Monitoring Failure OAuth request

Scope and integrity of local variables

APM as Oauth Authorization server