OAuth and scope

Hello All,

I’m trying to set up OAuth2 authorization on an IS, but I’m facing issues with the scope.

Here’s what I’ve done:

  • created a rest service _get on IS in package default, folder francois/testScope. Its execute permission is set to anonymous.
  • set up OAuth on IS
  • registered a client with type public
  • created a scope “test” with folders/services set to /francois/testScope
  • associated client with scope
  • requested a token for this client & scope

Now if I call my rest service at this url http://server:port/rest/francois/testScope/1 with header Authorization set to "Bearer ", I always get an error 403 forbidden “insufficient_scope”

I’ve tried this with both 9.12 and 10.1, and on both http and https ports.

Is there something wrong with the scope I defined? What should be the execute permission on the IS rest service?

Thanks for your help!