@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@PreAuthorize("hasAuthority('SCOPE_{scope.getName()}') || hasAuthority('SCOPE_{ADMIN_SCOPE.getName()}')")
public @interface RequiredScope {
ServiceScope scope();
static final ServiceScope ADMIN_SCOPE = ServiceScope.SUPERADMIN;
}
I want to be able to pass in a required scope, but also have the superadmin scope be valid too. However, even when the proper authorities are present in the provided token, I get a 403 response stating that I have insufficient scopes.
The error says error="insufficient_scope",error_description="The request requires higher privileges than provided by the access token.",error_uri="
https://tools.ietf.org/html/rfc6750#section-3.1 when making a call to the endpoint via a Swagger page with a valid token provided.
The enum in question is structured as follows with various different scopes (not included)
@Getter
public enum ServiceScope {
String name;
String description;
private ServiceScope(String name, String description) {
this.name = name;
this.description = description;
}
}
The value in name is the actual scope in the token, I just need the annotation to pick it up. Fairly new to spring security, so please be kind!
I have referenced
https://docs.spring.io/spring-security/reference/whats-new.html to start, but haven't been able to find more helpful information
0 comments:
Post a Comment
Thanks