Scopes attributes and authorization process

Authlete allow administrators to define ad hoc attributes and assign them to individual scopes on the Service Owner console.

When the AS  gets a response from /api/auth/authorization the response structure will resemble the structure below:

{
    "type": "authorizationResponse",
    "resultCode": "...",
    "resultMessage": "...",
    "acrEssential": false,
    "action": "...",
    "client": {...},
    "clientIdAliasUsed": false,
    "maxAge": 0,
    "responseContent": "...",
    "scopes": [
        {
            "defaultEntry": false,
            "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
            "name": "openid"
        },
        {
            "defaultEntry": false,
            "name": "payment"
        }
    ],
    "service": {
        ...
        "supportedScopes": [
            {
                "defaultEntry": false,
                "description": "A permission to request an OpenID Provider to issue an ID Token. See OpenID Connect Core 1.0, 3.1.2.1. for details.",
                "name": "openid"
            },
            {
                "attributes": [
                    {
                        "key": "meta",
                        "value": "this profile requires a second factor authentication"
                    },
                    {
                        "key": "fapi",
                        "value": "rw"
                    }
                ],
                "defaultEntry": false,
                "name": "payment"
            },
            ...
        ],
        ...
    }
}


Note that attributes of the scopes are returned in the service configuration part not assigned directly under the requested scopes.

How did we do with this article?