Hi all,
We need to validate the scope parameter in Web APIs. I've seen in the documentation that with the Appian OAuth 2.0 client the scope parameter must either be blank or omitted entirely:
https://docs.appian.com/suite/help/24.1/Web_API_Authentication.html#using-the-oauth-2.0-client-credentials-grant
Can we use a third-party OAuth 2.0 client to validate scope parameter? With this authentication method, would the scope be validated internally or would we have to do it at the web API level?
Thanks in advance.
Discussion posts and replies are publicly visible
JJ Cañas Recently in 24.1 release they mentioned how we can use OAuth 2.0.
you can potentially use a third-party OAuth 2.0 client for authentication, you would still need to ensure that scope validation is properly implemented within your Web API. This ensures that only authorized requests with the appropriate scope are allowed access to the resources.
.
Ok, so I need to validate the scope within my Web API. Thanks!