IBM Security Verify

OAuth: scope on Client Credentials Flow

    Posted Fri February 02, 2024 02:45 AM
    Edited by Satheesh Ganesan Fri February 02, 2024 05:59 AM

    Hi Team,

    We have a client use case requirement during the validation of access tokens through https://hostname/v1.0/endpoint/default/userinfo. The client wants ISV to send the custom-defined scope value in the responses.

    Step 1: In ISV, under security and API access, we created and shared the client ID and client secret with the client. Based on the grant type and this information, they will generate the access token.


    Step 2: Upon receiving the access token, they validated this ID token through the user information, getting the basic responses they needed for the scope value as an IVR.

    Client End Responses Screen Shot:

    Note: As this is for an API, there is no human user involved here for user ISV authentication. Hence, we don't go with other grant types such as authorization codes and so on. These flows require the user to be authorized each time while generating the access token.

    Please suggest how to achieve this use case.

    Regards,

    Satheesh G



    ------------------------------
    Satheesh Ganesan
    ------------------------------