Why is the scope in the JWT different from the scope in the authentication body?

Comments

  • Miguel Estrada

    https://jwt.io/introduction/ gives some background on JWTs.

    Not sure what your use case is. The JWT has a few parts in it. id = user or app identity. client_id = appId. If the JWT has been obtained as above client-credentials, then it indicates that the user identity is that of the app and the client that such user is using is also the app.

  • ANDRES GOROSTIDI PULGAR

    There is no specific case, it was just curiosity. I am aware of what a JWT is, and the parts it has. In fact, as far as I know, in the JWT payload you can optionally decide to include any field you want, but I did not understand why the fields are duplicated, and the same info you are providing in the JWT payload is also outside the JWT, in the response body of the request... Especially in the scope case, where I have a scope of 'member_modify transcript_read profile_update message_create space_list message_read file_upload space_change file_download space_read profile_read membership_list' in the body, and a scope of "app" in the JWT (which I presume can also change to read+write+ibm if you are running on behalf of a user...).

    I am aware that I only need the entire JWT, I do not need to extract the payload, and those are information fields that I will not use inside my app, but as said, it was simple curiosity...
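
An added example, not part of the thread or of the vendor's code: a way to inspect the claims inside the token and compare its `scope` with the `scope` field of the response body. The `access_token` field name follows the usual OAuth 2.0 token response and is an assumption here, and the token is a constructed, unsigned stand-in whose claim values are placeholders apart from the scope strings quoted above.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment (header or payload) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.
    Inspection only: unverified claims must not drive authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return decode_segment(parts[1])


def compare_scopes(token_response: dict) -> dict:
    """Split both space-delimited scope strings and report where they differ."""
    body = set(token_response.get("scope", "").split())
    claim = set(jwt_claims(token_response["access_token"]).get("scope", "").split())
    return {"body_only": sorted(body - claim), "jwt_only": sorted(claim - body),
            "shared": sorted(body & claim)}


# Constructed sample: id/client_id values and the signature are placeholders.
_payload = {"id": "example-app-id", "client_id": "example-app-id", "scope": "app"}
SAMPLE_RESPONSE = {
    "access_token": ".".join([
        b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
        b64url(json.dumps(_payload).encode()),
        b64url(b"constructed-signature-placeholder"),
    ]),
    "scope": "member_modify transcript_read profile_update message_create "
             "space_list message_read file_upload space_change file_download "
             "space_read profile_read membership_list",
}

if __name__ == "__main__":
    print(json.dumps(compare_scopes(SAMPLE_RESPONSE), indent=2))
```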

     
