Improve the token-exchange mechanism to function without provisioning users. #3548

Open
Menuka-Senevirathne opened this issue Jan 27, 2025 · 0 comments


Current Limitation

As per the current implementation, the default apim:subscribe, apim:api_create, etc. are not reflected when generating an access token using the token-exchange grant type. As a workaround, we had to provision the users into the APIM side by logging in to the portals.

In summary, an IDP was created on the APIM side and the external role was mapped to a local role. Then we did a scope assignment to the local role. Once the user is provisioned, it’s possible to log in to the portals as well as generate a token with the required scopes. But there can be users who still need to use the token-exchange grant type who aren’t required/allowed to use the portals.

Suggested Improvement

N/A

Version

4.2.0
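
A diagnostic for the limitation described in this issue, added here as an example and not code from the issue or from the APIM project: it builds an RFC 8693 token-exchange request body and reports which requested scopes are missing from the token response. The function names, the JWT subject token type, the sample responses and the `default` scope value in them are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"  # assumed subject token type
REQUESTED = ["apim:subscribe", "apim:api_create"]  # scopes named in the issue

# Constructed token responses (not captured from a real server).
UNPROVISIONED = {"access_token": "opaque-constructed-token",
                 "token_type": "Bearer", "expires_in": 3600, "scope": "default"}
PROVISIONED = dict(UNPROVISIONED, scope="apim:api_create apim:subscribe")


def build_exchange_body(subject_token, scopes):
    """Form-encoded body of an RFC 8693 token-exchange request."""
    return urlencode({"grant_type": TOKEN_EXCHANGE,
                      "subject_token": subject_token,
                      "subject_token_type": JWT_TYPE,
                      "scope": " ".join(scopes)})


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostic only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def dropped_scopes(requested, response):
    """Return the requested scopes that the issued token does not carry."""
    granted = response.get("scope")
    token = response.get("access_token", "")
    if granted is None and token.count(".") == 2:
        granted = jwt_claims(token).get("scope")  # fall back to the JWT claim
    if granted is None:
        # RFC 6749 section 5.1: "scope" may be omitted when identical to the request.
        granted = list(requested)
    if isinstance(granted, str):
        granted = granted.split()
    return sorted(set(requested) - set(granted))


if __name__ == "__main__":
    print(build_exchange_body("<external-idp-jwt>", REQUESTED))
    print("unprovisioned user lost:", dropped_scopes(REQUESTED, UNPROVISIONED))
    print("provisioned user lost:  ", dropped_scopes(REQUESTED, PROVISIONED))
```

Running the check against the token endpoint's JSON response for a user who has never logged in to the portals shows whether the scope downgrade described above is occurring.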
