Support for scope parameter in the Authorization Code Request for OAuth2 Security
Thanks for the feedback – be great to get additional input on this. Keep the votes coming!
We are evaluating API Management for our needs. A problem we have is, that we cannot set a list of custom scopes in the OpenID configuration. It would be nice if the scope parameter cloud be defined per API. In the current state we cannot use the "Try It Now" functionality in the developer portal.
Hi Team - Please confirm that Scope option in OAuth Protocol to provide security on Operation level is available on APIM or still MS is working on that.
Mike Clark commented
I second this. We are evaluating API Management for use in our organization as a way to publish documentation. We also want to use the developer portal as a way for our QA resources to test API operations. Every single one of our APIs will be secured using the OpenID Connect protocol, and will each will require a specific scope within the access token in order to grant authorization. Without the ability to request a scope, the "Try It Now" UI within the Developer portal will be completely useless.
Microsoft is ****.