- if scope != "" {
- scopeData := strings.Split(strings.Split(scope, "#")[1], ":")
- if !s.serviceRegister.IsFunctionRegistered(scopeData[0]) {
- return sendCoreError(ctx, http.StatusBadRequest, "Function not registered")
- }
- if !s.apiRegister.IsAPIRegistered(scopeData[0], scopeData[1]) {
- return sendCoreError(ctx, http.StatusBadRequest, "API not published")
+
+ if !s.invokerRegister.VerifyInvokerSecret(accessTokenReq.ClientId, *accessTokenReq.ClientSecret) {
+ return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorUnauthorizedClient, "Invoker secret not valid")
+ }
+
+ if accessTokenReq.Scope != nil && *accessTokenReq.Scope != "" {
+ scope := strings.Split(*accessTokenReq.Scope, "#")
+ aefList := strings.Split(scope[1], ";")
+ for _, aef := range aefList {
+ apiList := strings.Split(aef, ":")
+ if !s.serviceRegister.IsFunctionRegistered(apiList[0]) {
+ return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorInvalidScope, "AEF Function not registered")
+ }
+ for _, api := range strings.Split(apiList[1], ",") {
+ if !s.publishRegister.IsAPIPublished(apiList[0], api) {
+ return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorInvalidScope, "API not published")
+ }
+ }