Oauth2 Request for Token is missing scopes field #140
Description
Checklist
- I have looked into the README and have not found a suitable solution or answer.
- I have looked into the documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have upgraded to the latest version of OpenFGA and the issue still persists.
- I have searched the Slack community and have not found a suitable solution or answer.
- I agree to the terms within the OpenFGA Code of Conduct.
Description
The golang SDK supports scopes being added to a token claim:
This javascript SDK doesn't support it, and Zitadel fails without the mandatory minimum scope (openid) being added to the request.
Expectation
Being able to configure scopes like the Golang SDK.
Reproduction
- Try to connect to an OpenFGA instance configured to accept Zitadel OIDC via client credentials flow.
- Fail to do so due to no scope in the encoded form posted to the token endpoint.
OpenFGA SDK version
0.6.2
OpenFGA version
1.5.8
SDK Configuration
function createClientWithCredentials() {
return new OpenFgaClient({
apiUrl: process.env['FGA_API_URL'] as string,
storeId: process.env['FGA_STORE_ID'] as string,
authorizationModelId: process.env['FGA_MODEL_ID'] as string,
credentials: {
method: CredentialsMethod.ClientCredentials,
config: {
apiTokenIssuer: process.env['FGA_API_TOKEN_ISSUER'] as string,
apiAudience: process.env['FGA_API_AUDIENCE'] as string,
clientId: process.env['FGA_CLIENT_ID'] as string,
clientSecret: process.env['FGA_CLIENT_SECRET'] as string,
}
}
});
}
Logs
{"error":"invalid_request","error_description":"The scope of your request is missing. Please ensure some scopes are requested. If you have any questions, you may contact the administrator of the application."}