4 Jul 2016

Setting the scope for the access token

Default blog image

By Adam Nagy

One thing that sometimes people miss is that the scope needs to be set as a single string with the scope values separated by space - instead of as a list of values.

If you do the following then it will succeed, but the scope values will be ignored:

curl \
-v "https://developer.api.autodesk.com/authentication/v1/authenticate" \
-X "POST" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<client id>&client_secret=<client secret>&grant_type=client_credentials&scope(0)=bucket:create&scope(1)=bucket:read&scope(2)=data:write"

After this if you try to do something like this:

curl \
-v "https://developer.api.autodesk.com/oss/v2/buckets" \
-X "POST" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <token>" \
-d "{\"bucketKey\":\"mynewbucket\",\"policyKey\":\"transient\"}"

Then you will get a reply like this:

Token scope not set. This request does not have the required privilege.

But if you set the required scopes the correct way in a single string then all will be fine. You just have to URL encode the space characters to %20:

curl \
-v "https://developer.api.autodesk.com/authentication/v1/authenticate" \
-X "POST" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<client id>&client_secret=<client secret>&grant_type=client_credentials&scope=bucket:create%20bucket:read%20data:write"

 

Tags:

Related Article