Hi guys,
I have set up a rule wherein the scopes ‘openid’ and ‘profile’ are filtered out from the issued access token scope. I am adding some custom permissions to the scope.
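```js
// Custom permissions stored on the user, if any.
var permissions = user.permissions || [];
// The requested scope arrives in the request body or in the query string.
var requestedScopes = context.request.body.scope || context.request.query.scope;
// Drop scopes containing ':' as well as 'openid' and 'profile'.
var filteredScopes = requestedScopes.split(' ').filter(function (x) {
  return x.indexOf(':') < 0 && x !== 'openid' && x !== 'profile';
});
// Append the user's permissions and write the result to the access token scope.
Array.prototype.push.apply(filteredScopes, permissions);
context.accessToken.scope = filteredScopes.join(' ');
callback(null, user, context);
```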
However the scopes “openid” and “profile” are not getting removed from the issued access token.
I tried debugging but the console is not accessible for some reason.
Appreciate any help
Regards
Aswin
Update: Managed to get it working; I think the rule took some time to apply. But there is something strange happening when I filter out (remove) the profile from the access token scope. The returned ID token does not contain profile information. So for now I am just filtering out the openid scope from the access token. So to ask:
I have a SPA+API setup, i.e. an implicit grant flow.
The scope “profile” is used for returning the claims as defined in 5.4 of the openid-connect-core-1_0 spec. If I remove the “profile” scope for the access token in the rule pipeline, does it affect the ID token (no profiles returned)?
Hey there!
Sorry for such a delay in response! We’re doing our best to provide the best developer support experience out there, but sometimes with all the incoming questions, it’s just not possible. Sorry for the inconvenience!
Do you still require further assistance?