4 Jul 2016

Setting the scope for the access token

Default blog image

By Adam Nagy

One thing that sometimes people miss is that the scope needs to be set as a single string with the scope values separated by space - instead of as a list of values.

If you do the following then it will succeed, but the scope values will be ignored:

curl \
-v "https://developer.api.autodesk.com/authentication/v1/authenticate" \
-X "POST" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<client id>&client_secret=<client secret>&grant_type=client_credentials&scope(0)=bucket:create&scope(1)=bucket:read&scope(2)=data:write"

After this if you try to do something like this:

curl \
-v "https://developer.api.autodesk.com/oss/v2/buckets" \
-X "POST" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <token>" \
-d "{\"bucketKey\":\"mynewbucket\",\"policyKey\":\"transient\"}"

Then you will get a reply like this:

Token scope not set. This request does not have the required privilege.

But if you set the required scopes the correct way in a single string then all will be fine. You just have to URL encode the space characters to %20:

curl \
-v "https://developer.api.autodesk.com/authentication/v1/authenticate" \
-X "POST" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<client id>&client_secret=<client secret>&grant_type=client_credentials&scope=bucket:create%20bucket:read%20data:write"

 

Tags:

Related Article

Posted By

Adam Nagy

Follow @AdamTheNagy Adam Nagy joined Autodesk back in 2005 and has been providing programming support, consulting, training and evangelism to external developers. He started his career in Budapest, then worked in Prague for 3 years and now lives in South England, UK. At the moment focusing on Inventor and Fusion 360, plus cloud and mobile related technologies. Adam has a degree in Software Engineering and has...