how to specify the scope with oauth2 client application

Question

I am using Spring Security OAuth2 client application and have provided the below configuration


spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: 
            client-secret: 
            scope: openid
        provider:
          okta:
            authorization-uri: https://dev-7858070.okta.com/oauth2/default/v1/authorize
            token-uri: https://dev-7858070.okta.com/oauth2/default/v1/token
            user-info-uri: https://dev-7858070.okta.com/oauth2/default/v1/userinfo
            jwk-set-uri: https://dev-7858070.okta.com/oauth2/default/v1/keys

I have specified the scope to only openid, but still getting other scopes like profile and email. I want to just get the openid scope. Where am I going wrong?

score 4 · Accepted Answer · answered Dec 17 '21 at 15:31

4

You can specify multiple scopes by separating them with a comma.

spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: 
            client-secret: 
            scope: openid,profile,email

answered Dec 17 '21 at 15:31

Matt Raible

8,187
9
61
120

Why was this the correct answer? It's exact opposite of what the question asked – user3758745 Sep 09 '22 at 15:33
I think the question might've been different when I first answered it. That's the only explanation I can think of. – Matt Raible Sep 09 '22 at 17:01

score 0 · Answer 2 · answered Aug 11 '23 at 23:03

0

In OAuth2 authorization systems it is possible to define default scopes for a client. The client will always get these scopes, even if it didn‘t request them.

Profile and email are typical default scopes.

answered Aug 11 '23 at 23:03

Robert

1

how to specify the scope with oauth2 client application

2 Answers2