OAuth2 Request for Token is missing scopes field #140

Open
6 tasks done
danielloader opened this issue Aug 15, 2024 · 0 comments
Labels
bug Something isn't working

danielloader commented Aug 15, 2024

Checklist

  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have upgraded to the latest version of OpenFGA and the issue still persists.
  • I have searched the Slack community and have not found a suitable solution or answer.
  • I agree to the terms within the OpenFGA Code of Conduct.

Description

The Golang SDK supports scopes being added to a token claim:

https://github.com/openfga/go-sdk/blob/9449c5ef9f56123aff8fe1f47bc166ff33c5775a/credentials/credentials.go#L116-L119

This JavaScript SDK doesn't support it, and Zitadel fails without the mandatory minimum scope (openid) being added to the request.

Expectation

Being able to configure scopes like the Golang SDK.

Reproduction

  1. Try to connect to an OpenFGA instance configured to accept Zitadel OIDC via client credentials flow.
  2. Fail to do so due to no scope in the encoded form posted to the token endpoint.

OpenFGA SDK version

0.6.2

OpenFGA version

1.5.8

SDK Configuration

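import { OpenFgaClient, CredentialsMethod } from '@openfga/sdk';

// Builds a client that authenticates via the OAuth2 client credentials flow,
// with all settings read from environment variables.
function createClientWithCredentials() {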
  return new OpenFgaClient({
    apiUrl: process.env['FGA_API_URL'] as string,
    storeId: process.env['FGA_STORE_ID'] as string,
    authorizationModelId: process.env['FGA_MODEL_ID'] as string,
    credentials: {
      method: CredentialsMethod.ClientCredentials,
      config: {
        apiTokenIssuer: process.env['FGA_API_TOKEN_ISSUER'] as string,
        apiAudience: process.env['FGA_API_AUDIENCE'] as string,
        clientId: process.env['FGA_CLIENT_ID'] as string,
        clientSecret: process.env['FGA_CLIENT_SECRET'] as string,
      }
    }
  });
}

Logs

{"error":"invalid_request","error_description":"The scope of your request is missing. Please ensure some scopes are requested. If you have any questions, you may contact the administrator of the application."}

References

@danielloader danielloader added the bug Something isn't working label Aug 15, 2024
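
An added example (not part of the issue and not the SDK's own code) of how a client credentials token request body can carry the optional `scope` parameter that the error above reports as missing. The helper names and sample values are hypothetical; parameter names follow RFC 6749, with `audience` assumed as an issuer-specific extension.

```javascript
// Added example: hypothetical helpers, not code from the OpenFGA SDK.
// RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;

// Normalise a list of scopes into the single space-delimited "scope" value.
function formatScopes(scopes) {
  const seen = new Set();
  for (const s of scopes) {
    if (typeof s !== "string" || !SCOPE_TOKEN.test(s)) {
      throw new TypeError(`invalid scope token: ${JSON.stringify(s)}`);
    }
    seen.add(s); // a Set keeps first-seen order and drops duplicates
  }
  return [...seen].join(" ");
}

// Build the application/x-www-form-urlencoded body for a client credentials
// token request (RFC 6749 section 4.4.2).
function buildTokenRequestBody({ clientId, clientSecret, audience, scopes = [] }) {
  const form = new URLSearchParams();
  form.set("grant_type", "client_credentials");
  form.set("client_id", clientId);
  form.set("client_secret", clientSecret);
  if (audience) form.set("audience", audience); // assumed extension parameter
  const scope = formatScopes(scopes);
  // Omit the parameter when no scopes are configured, so issuers that
  // apply a default scope are unaffected.
  if (scope) form.set("scope", scope);
  return form.toString();
}

// Constructed sample values, not real credentials.
const sample = {
  clientId: "example-client",
  clientSecret: "example-secret",
  audience: "https://fga.example.test",
};
const withoutScope = buildTokenRequestBody(sample);
const withScope = buildTokenRequestBody({ ...sample, scopes: ["openid", "profile", "openid"] });

// The body carries client_secret, so print only the scope parameter.
console.log("scope sent:", new URLSearchParams(withScope).get("scope"));
```
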
Projects
Status: Backlog