Hi Nadeesha,

When you say 'users in an organization', are you referring to app
developers or end users?

The scopes are used to authorize end users, but not app developers.
Therefore, as you said, if the end users want to know which scopes they are
allowed to access, they can do that by calling the token endpoint. However,
since end users typically don't directly call APIs but applications call
APIs on behalf of them, I can't think of a use case where end users need
to know all scopes they have access to. Do you have any specific use case?

If they want to know the scopes they have access to within an application,
the application itself can call the token API and let its end users know
what they have access to.

Thanks,
Bhathiya

On Mon, Apr 23, 2018 at 4:26 AM, Nadeesha Gamage <[email protected]> wrote:

> Ok noted, but on a more practical POV I feel it would be good to have only
> the applicable scopes available. If an organization is going to have many
> different types of scopes it would be a tedious task for anyone to find out
> which scope is really applicable for them.
>
>
> Nadeesha
>
> On Sun, Apr 22, 2018 at 11:00 PM, Bhathiya Jayasekara <[email protected]>
> wrote:
>
>> Hi Nadeesha,
>>
>> By design, the role validation for scopes is done only at runtime. In the
>> design time, it's not validated because app developers should be able to
>> test their apps with any scope attached to the subscribed APIs.
>>
>> Thanks,
>> Bhathiya
>>
>> On Sun, Apr 22, 2018 at 5:53 PM, Nadeesha Gamage <[email protected]>
>> wrote:
>>
>>> Hi API Manager team,
>>> Is there a reason for showing all scopes (even the ones that
>>> don't associate or work for a given user's role) in the scopes dropdown of
>>> the API Store key generation section shown below? Currently all scopes are
>>> shown even if the scope is not allowed to a given user.
>>>
>>> Thank you
>>>
>>> --
>>> Nadeesha Gamage
>>> Lead Solutions Engineer
>>> T : +94 77 394 5706
>>> B : https://nadeesha678.wordpress.com/
>>>
>>
>>
>>
>> --
>> *Bhathiya Jayasekara*
>> *Associate Technical Lead,*
>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>
>> *Phone: +94715478185*
>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>> <http://www.linkedin.com/in/bhathiyaj>*
>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>> *Blog: http://movingaheadblog.blogspot.com
>> <http://movingaheadblog.blogspot.com/>*
>>
>
>
>
> --
> Nadeesha Gamage
> Lead Solutions Engineer
> T : +94 77 394 5706
> B : https://nadeesha678.wordpress.com/
>



-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com <http://wso2.com>*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj
<http://www.linkedin.com/in/bhathiyaj>*
*Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
*Blog: http://movingaheadblog.blogspot.com
<http://movingaheadblog.blogspot.com/>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
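
An added example, not part of the original thread or of WSO2's code: how an application can request a token with every scope it might use and report which ones the runtime role check actually granted, based on the `scope` field of the OAuth 2.0 token response. The scope names, credentials and sample response are constructed, and treating a scope named `default` as "nothing granted" is an assumption about the gateway's behaviour.

```python
import json
from urllib.parse import urlencode

# Constructed sample: token response for a user whose roles allow only one
# of the requested scopes. The token value is a placeholder.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "PLACEHOLDER-ACCESS-TOKEN",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "order_read",
})


def build_token_request(username, password, requested_scopes):
    """Form body for an OAuth 2.0 password-grant request (RFC 6749, 4.3).

    The client credentials go in the Authorization header, not shown here.
    """
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(requested_scopes),
    })


def granted_scopes(response_body, requested_scopes, placeholder_scopes=("default",)):
    """Split the requested scopes into granted and withheld ones."""
    doc = json.loads(response_body)
    if "error" in doc:
        raise ValueError(f"token request failed: {doc['error']}")
    if "scope" not in doc:
        # RFC 6749, 5.1: "scope" may be omitted only when it equals the request.
        granted = set(requested_scopes)
    else:
        # Assumption: a placeholder scope such as "default" means none granted.
        granted = set(doc["scope"].split()) - set(placeholder_scopes)
    return {
        "granted": [s for s in requested_scopes if s in granted],
        "withheld": [s for s in requested_scopes if s not in granted],
        # Scopes the server added on its own; worth logging, never assumed.
        "unrequested": sorted(granted - set(requested_scopes)),
    }


if __name__ == "__main__":
    requested = ["order_read", "order_write", "admin"]
    print(build_token_request("alice", "constructed-pw", requested))
    print(granted_scopes(SAMPLE_RESPONSE, requested))
```

The application should drive its UI from the `granted` list rather than from the scopes it asked for, since only the token response reflects the role validation done at runtime.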
