Introduction to Scope Management with WSO2 API Manager


Why is Scope Management needed?

brew install tomcat
brew ls tomcat
/usr/local/Cellar/tomcat/8.5.16/bin/catalina run

Name: UserManagementAPI
Context: /usermanagement/api/
Version: 1.0.0

GET - rest/user/search/{user_id}
POST - rest/user/add
PUT - rest/user/update
DELETE - rest/user/delete/{user_id}

Testing resources

Testing the POST method

{
  "employeeId": 1,
  "firstName": "John",
  "lastName": "D",
  "salary": 100000.0,
  "status": "ACTIVE"
}

Creating Scopes

curl -k -d "grant_type=password&username=<username>&password=<password>&scope=<scope>" -H "Authorization: Basic <Base64(Consumerkey:ConsumerSecret)>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
curl -k -d "grant_type=password&username=user1&password=user1&scope=scope1_user_add" -H "Authorization: Basic VHhZZGVoWmF0QkRLN3pmZDgzSHlUY0FIek5RYTpBVDIyeDM3aDlacjBuU2pxUVN0aHZYUEc3U29h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8244/token
{
  "access_token": "8f920fae-29ed-3285-9a86-b4b430896dd6",
  "refresh_token": "01d66d05-20c3-30b1-9281-74c03222ca6a",
  "scope": "scope1_user_add",
  "token_type": "Bearer",
  "expires_in": 3287
}
curl -k -d "grant_type=password&username=user4&password=user4&scope=scope4_removeuser" -H "Authorization: Basic WV8zeENhQlkxakNhaXpwYjRTTlQ1NFdLemRzYTpYZXd6eUIwOGdsZjloTlhpeWVuSXdHT1c5ZElh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8244/token
{
  "access_token": "e0a9be1c-a991-3ac5-aa41-0b9da6219b50",
  "refresh_token": "8eda046a-4a20-3ff5-aabd-d94363af605e",
  "scope": "scope4_removeuser",
  "token_type": "Bearer",
  "expires_in": 3600
}

Single access token for multiple scopes

curl -k -d "grant_type=password&username=user1&password=user1&scope=scope1_user_add scope4_removeuser scope3_updateuser scop2_searchuser" -H "Authorization: Basic VHhZZGVoWmF0QkRLN3pmZDgzSHlUY0FIek5RYTpBVDIyeDM3aDlacjBuU2pxUVN0aHZYUEc3U29h" -H "Content-Type: application/x-www-form-urlencoded" https://10.100.5.136:8244/token
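The multi-scope request above is worth automating, because the gateway issues the token with only the scopes the user's roles allow and reports them in the response's `scope` field. This added example (not code from the post or from WSO2) builds the same password-grant request in Python and checks which of the requested scopes actually came back; the consumer key, secret and token response it uses are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholder; the post uses https://localhost:8243/token.
TOKEN_ENDPOINT = "https://localhost:8243/token"


def build_token_request(consumer_key, consumer_secret, username, password, scopes):
    """Build headers and form body for the password-grant token request.

    Mirrors the curl command in the post: consumer key and secret go into a
    Basic header, the user's credentials and the space-separated scope list
    into the x-www-form-urlencoded body. Keep the secret and the returned
    token out of logs and shell history.
    """
    creds = base64.b64encode(f"{consumer_key}:{consumer_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    })
    return headers, body


def check_granted_scopes(token_response_json, requested):
    """Split the requested scopes into (granted, denied).

    The 'scope' field of the token response is authoritative: a scope whose
    role the user does not hold is simply absent from the issued token, so a
    client must check this before assuming the token can reach a resource.
    """
    granted = set(json.loads(token_response_json).get("scope", "").split())
    requested = set(requested)
    return sorted(requested & granted), sorted(requested - granted)


if __name__ == "__main__":
    hdrs, body = build_token_request("ck", "cs", "user1", "user1",
                                     ["scope1_user_add", "scope4_removeuser"])
    # Constructed response shaped like the one shown in the post.
    resp = '{"access_token":"x","scope":"scope1_user_add","token_type":"Bearer","expires_in":3600}'
    print(check_granted_scopes(resp, ["scope1_user_add", "scope4_removeuser"]))
```

A denied scope shows up as a later 403 from the gateway; checking the `scope` field at token time makes the missing role visible before any API call is made.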

Conclusion

Written by

Senior Software Engineer — QA at WSO2
