how to specify the scope with oauth2 client application
I am using Spring Security OAuth2 client application and have provided the below configuration
spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: 
            client-secret: 
            scope: openid
        provider:
          okta:
            authorization-uri: https://dev-7858070.okta.com/oauth2/default/v1/authorize
            token-uri: https://dev-7858070.okta.com/oauth2/default/v1/token
            user-info-uri: https://dev-7858070.okta.com/oauth2/default/v1/userinfo
            jwk-set-uri: https://dev-7858070.okta.com/oauth2/default/v1/keys

I have set the scope to only openid, but I am still getting other scopes like profile and email. I only want the openid scope. Where am I going wrong?

Bos answered 17/12, 2021 at 7:23 Comment(0)
You can specify multiple scopes by separating them with a comma.

spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: 
            client-secret: 
            scope: openid,profile,email
Newsstand answered 17/12, 2021 at 15:31 Comment(2)
Why was this the correct answer? It's the exact opposite of what the question asked. (Flag)
I think the question might've been different when I first answered it. That's the only explanation I can think of. (Newsstand)
In OAuth2 authorization systems it is possible to define default scopes for a client. The client will always get these scopes, even if it didn't request them.

Profile and email are typical default scopes.

Chromato answered 11/8, 2023 at 23:3 Comment(0)
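As an added check (not code from this thread or from Spring Security), the script below compares the scopes configured in the Spring client registration with the scopes the authorization server actually reports in its token response. That comparison is how you confirm that profile and email are server-side defaults, as the last answer explains, rather than something the client requested. The token response is a constructed sample; the helper names are assumptions.

```python
import json


def parse_spring_scope(value: str) -> set[str]:
    """Spring Security's `scope` registration property is a comma-separated
    list ("openid,profile,email"); return the scope names as a set."""
    return {s.strip() for s in value.split(",") if s.strip()}


def parse_wire_scope(value: str) -> set[str]:
    """On the wire (authorization request and token response, RFC 6749)
    scopes are space-delimited: "openid profile email"."""
    return set(value.split())


def granted_beyond_request(requested: set[str], token_response: dict) -> set[str]:
    """Scopes the server granted that the client never asked for.

    RFC 6749 section 5.1 requires `scope` in the token response only when
    it differs from the request, so a missing field means "as requested".
    Anything extra was added by the server (e.g. default scopes for the
    client), and can only be removed in the server-side client config."""
    granted = parse_wire_scope(token_response.get("scope", "")) or set(requested)
    return granted - requested


# Constructed sample: the registration from the question (scope: openid)
# and a token response like the one the asker saw, with defaults added.
SPRING_SCOPE = "openid"
SAMPLE_TOKEN_RESPONSE = json.loads("""{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "<constructed-placeholder>",
  "scope": "openid profile email",
  "id_token": "<constructed-placeholder>"
}""")


def check_registration(spring_scope: str = SPRING_SCOPE,
                       token_response: dict = SAMPLE_TOKEN_RESPONSE) -> set[str]:
    """Return the scopes the server added on top of the Spring registration."""
    return granted_beyond_request(parse_spring_scope(spring_scope), token_response)


if __name__ == "__main__":
    extra = check_registration()
    if extra:
        print("server added default scopes not in the registration:", sorted(extra))
    else:
        print("granted scopes match the registration")
```

A non-empty result means the extra scopes are configured on the authorization server for this client; tightening the Spring `scope` property alone will not remove them.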

© 2022 - 2024 — McMap. All rights reserved.