ory/hydra

Support different formats of scopes

Closed this issue · 12 comments

Is your feature request related to a problem? Please describe.
Hydra splits checking of scopes on ".". It makes the assumption that scopes are dot separated. We have a use case where the scope needs to contain a :. An example of the scope is payments:xyz. I would like to create a client that has all scopes under payments. If it were dot separated I can create a client with scopes payments.*. I cannot do that with the :. I cannot create a client which has an allowed scope payments:*.

Describe the solution you'd like
I would like the ability to create a client with scopes separated by :. It would be good to be able to set a regular expression based scope strategy.

Sorry for the late reply. Generally that's a possibility - one thing to keep in mind with : is that they are special characters in URLs and have to be encoded properly. Is there a specific reason why you want that delimiter instead of the more common . notation?

No worries.
If it were up to me I wouldn’t want to have :. But we are supporting PSD2, Berlin Group standard and they have a requirement of using scopes separated by :.

jbman commented

We also have (legacy) scope identifiers with : and would like to grant a scope like service:* to clients. A regular expression may not be needed; it would be enough to have a configuration for the list of separator characters. The character . could still be the default.

We're open to accepting a PR. This should be done both in fosite (as a scope strategy) and hydra (as a configuration value). If you are looking to do a PR please discuss the changes beforehand as it will save some time :)

Looks like a nice task to start with Go :)

The fix would just be to add the delimiter as a parameter to the wildcard strategy?
Probably also for the hierarchical strategy? Or is that one deprecated and will be removed?

yep exactly! I think we can add it to wildcard and hierarchical!

@tacurran is this a feature that would make sense implementing?
Are you still open for contributing on this @elchtestAtBosch or @elch78 ?

Sorry, I don't have time at the moment.

Closing due to lack of public interest.

Hey, @aeneasr would you mind reopening this?
There are other situations where the scope does not have "." as the delimiter.
We're dealing with a situation where scopes are using wildcards with "/" as a delimiter. Eg: "user/.rs", "practitioner/Patient."

I could help look into it. Would this involve changes in Fosite? - https://github.com/ory/fosite/blob/master/scope_strategy.go#L69

@sidharthramesh agree, that would be great. we have permissions with : and it's a pain converting them back and forth
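
The change proposed in this thread, passing the delimiter as a parameter to the wildcard strategy, as an added example. It is not code from fosite or hydra: `ScopeStrategy`, `NewWildcardStrategy` and `matchSegments` are hypothetical names, the delimiter is assumed to be non-empty, and the matching rules (a trailing `*` covers one or more segments, any other `*` exactly one) are this example's own choice.

```go
package main

import (
	"fmt"
	"strings"
)

// ScopeStrategy reports whether any granted pattern in matchers covers needle.
type ScopeStrategy func(matchers []string, needle string) bool

// NewWildcardStrategy (hypothetical) splits scopes on delim instead of a fixed ".".
func NewWildcardStrategy(delim string) ScopeStrategy {
	return func(matchers []string, needle string) bool {
		want := strings.Split(needle, delim)
		for _, seg := range want {
			if seg == "" { // reject "payments:" and "payments::xyz"
				return false
			}
		}
		for _, m := range matchers {
			if matchSegments(strings.Split(m, delim), want) {
				return true
			}
		}
		return false
	}
}

// matchSegments compares segment by segment. A trailing "*" covers one or
// more remaining segments; any other "*" covers exactly one segment.
func matchSegments(pattern, want []string) bool {
	if len(pattern) > len(want) {
		return false // "payments:*" must not grant bare "payments"
	}
	for i, p := range pattern {
		last := i == len(pattern)-1
		if p == "*" && last {
			return true // trailing wildcard covers the rest
		}
		if p != "*" && p != want[i] {
			return false // "payments:*" must not grant "paymentsx:foo"
		}
	}
	return len(pattern) == len(want) // a literal pattern must match in full
}

func main() {
	g := []string{"payments:*"} // constructed sample grant
	fmt.Println(NewWildcardStrategy(":")(g, "payments:xyz"), NewWildcardStrategy(".")(g, "payments:xyz"))
}
```

With `.` as the delimiter the grant `payments:*` is a single literal segment and matches nothing but itself, which is the limitation the issue describes.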