I’ll start with our final goal : we want to have user context when calling our API using the machine2machine method (we don’t have a web app) + having the ability to configure scopes and permissions for USERS.
So far we did the following:
- Created a web application and defined a login flow for users and obtained token for the user.
- We configured manually permissions and roles for the user-application-api accordingly
- However, the token obtained in (1) doesn’t have “scopes” field in it whatsoever, hence we are unable to access the api which is protected by “hasAuthority” of the requires permissions.
We followed spring mvc exmaples.
Please let me know if any more information regarding our issue is required.