Scope for Access to the Query Password Info API Call

Hello, looking for guidance on whether there are any applicable scopes that can be granted to OAuth clients that aim to use the “Query Password Info” API call (query-password-info | SailPoint Developer Community). Currently the API documentation doesn’t list any scopes for this API call, or the “Set Identity’s Password” and “Get Password Change Request Status” API calls. However, doing some local testing with a new OAuth client I created, I was able to see that the idn:password-change:manage scope allowed access to the “Set Identity’s Password” and “Get Password Change Request Status” API calls without requiring the sp:scopes:all scope. Currently, my team is looking to limit the access we’re granting to OAuth clients if we can help it, because the sp:scopes:all scope is a little large and has the capability to grant more access than we believe OAuth clients should have for their specific uses. With that, if anyone is able to point me in the right direction of where to look, or scopes to test with, please let me know!

Yes, I think all scopes are not updated in the documentation. You can ask SailPoint support.

A few months ago we found the same problem with the search API, and this part is updated now.

Hi Zackary,
Could you please raise this with the CSM assigned to your project? He will guide you in the right direction.

Thanks
Rakesh Bhati

Certainly Rakesh and Ousmane, I’ll reach out to SP support and our CSM to see what we can find on this.

Thank you for the recommendations.
