How can we improve Azure API Management?

Support for scope parameter in the Authorization Code Request for OAuth2 Security

22 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
tp shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • dl commented  ·   ·  Flag as inappropriate

    We are evaluating API Management for our needs. A problem we have is, that we cannot set a list of custom scopes in the OpenID configuration. It would be nice if the scope parameter cloud be defined per API. In the current state we cannot use the "Try It Now" functionality in the developer portal.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Hi Team - Please confirm that Scope option in OAuth Protocol to provide security on Operation level is available on APIM or still MS is working on that.

  • Mike Clark commented  ·   ·  Flag as inappropriate

    I second this. We are evaluating API Management for use in our organization as a way to publish documentation. We also want to use the developer portal as a way for our QA resources to test API operations. Every single one of our APIs will be secured using the OpenID Connect protocol, and will each will require a specific scope within the access token in order to grant authorization. Without the ability to request a scope, the "Try It Now" UI within the Developer portal will be completely useless.

Feedback and Knowledge Base