Registering Scopes in PTC Products
Scopes must be defined in the resource server to protect specified resources. They must also be registered in the service provider, which attaches the scope value when it requests the protected resource from the resource server. Scope names are subject to the restrictions of the resource server. For example, Windchill does not recognize scope names with spaces.
Resource Server Scopes
You need to specify the resources that are to be exposed to valid requests containing the scope.
In Windchill, this is performed as part of the OAuth configuration steps when you edit the securityProperties.properties file. For more information, see Configure OAuth Delegated Authorization in the Windchill Help Center.
Use the same scope name that was registered in PingFederate (CAS). For example, SCOPE NAME = WINDCHILL_READ.
For Windchill RV&S, do the following:
1. On the OAuth Settings page, click Scope Management.
2. In the Scope Value field, type INTEGRITY_READ_WRITE and in Scope Description, type Permission to read and write data, then click Add.
Windchill RV&S has a dummy scope to read, write, and modify the Windchill RV&S data that the user is authorized to access. The user can define the scope value and description.
Service Provider Scope Registration
ThingWorx and applications built on the ThingWorx platform, such as ThingWorx Navigate, can act as service providers. Scopes that protect data in resource servers need to be registered in the service providers so they can be included with the access tokens when requesting the data.
In ThingWorx, you register scopes in the Integration Connector or Media Entity that is configured to retrieve data from resource servers. For more information, see Working with Scopes in the ThingWorx Help Center.
For ThingWorx Navigate, you add scopes in the ThingWorx Integration Connector and Content Proxy Media Entity.
Use the same scope name that was registered in PingFederate (CAS). For example, SCOPE NAME = WINDCHILL_READ.
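The consistency requirement described above (the same scope name in PingFederate, the resource server, and the service provider, with no spaces) can be checked before deployment. The following is an added example, not PTC code: the function names are hypothetical and the three scope lists are constructed sample data. It relies on RFC 6749 section 3.3, which defines the scope parameter as a space-delimited list of case-sensitive strings.

```python
import re

# RFC 6749 section 3.3: a scope-token is one or more printable ASCII
# characters excluding space, double quote and backslash.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


def invalid_scope_names(names):
    """Return the names that are not a single valid scope-token."""
    return sorted(n for n in names if not SCOPE_TOKEN.fullmatch(n))


def scope_mismatches(authorization_server, resource_server, service_provider):
    """Compare the scope names registered in each component.

    Returns, per component, the scope names it uses that the authorization
    server has not registered. The comparison is case-sensitive.
    """
    registered = set(authorization_server)
    return {
        "resource_server": sorted(set(resource_server) - registered),
        "service_provider": sorted(set(service_provider) - registered),
    }


def scopes_on_the_wire(requested):
    """Join names into a scope parameter, then split it as a receiver would."""
    return " ".join(requested).split(" ")


# Constructed sample data (hypothetical, not taken from a real deployment).
CAS_SCOPES = ["WINDCHILL_READ", "INTEGRITY_READ_WRITE"]
RESOURCE_SERVER_SCOPES = ["WINDCHILL_READ", "INTEGRITY_READ_WRITE"]
SERVICE_PROVIDER_SCOPES = ["WINDCHILL_READ", "Windchill_Read", "WINDCHILL READ"]

if __name__ == "__main__":
    print("invalid names:", invalid_scope_names(SERVICE_PROVIDER_SCOPES))
    print("mismatches:", scope_mismatches(
        CAS_SCOPES, RESOURCE_SERVER_SCOPES, SERVICE_PROVIDER_SCOPES))
    # A name containing a space arrives as two separate scopes.
    print("received as:", scopes_on_the_wire(["WINDCHILL READ"]))
```

A name that contains a space is split into two scope values when it is sent, so neither half matches the scope that protects the resource.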