Oauth2 scopes adoption by API Gateway (Infor suites and Infor/non-Infor authorized apps)

With the 2020-06 release of Infor OS CE, all API suites and authorized apps of the Infor OS platform are scopes compatible. Configuration settings for OAuth2.0 scopes are visible, but this configuration applies to the API suites of Infor OS and authorized apps using Infor OS APIs. There is no impact on authorized apps belonging to other Infor cloud suites or customers.

The scopes feature is kept OFF by default to maintain backward compatibility. A tenant administrator must opt in to use scopes.

Note: For custom application/backend service apps, when the tenant enables scopes, all custom apps created by the tenant (and the ION backend service app) do not participate in scopes. Using scopes is due to precautions such as assigning scopes to service accounts in IFS or modifying the web-mobile application code. Tenants can enable scopes for these authorized apps at the app level after the necessary precautions are taken.