Required Scope for Application Ownership Change Not Exposed in Management Console

[vaibhavhapani]

Description

In Identity Server 7.0.0, the ownership of an application can be changed using the API [1], which requires the internal_organization_admin scope part of the Admin Application Management API resource. However, this resource does not appear under Management Console → Applications → API Authorization.

As a result, it is not possible to obtain a token containing this scope via the client credentials grant.

Additionally, invoking this API using basic authentication with admin credentials is not feasible, as this scope has not been added to the system API resources. Consequently, the admin role currently does not have the necessary permission.

[1] - Change application owner

Steps to Reproduce

1. Create an Application
2. Try changing the ownership of the application using this API [1] using basic authentication with admin credentials
3. Observe the error: "Operation is not permitted. You do not have permissions to make this request."

Please select the area issue is related to

API Access Mgt & Authorization

Version

7.0.0

Environment Details (with versions)

No response

Developer Checklist

• [Behavioural Change] Does this change introduce a behavioral change to the product?
•  ↳ Approved by team lead
•  ↳ Label impact/behavioral-change added
• [Migration Impact] Does this change have a migration impact?
•  ↳ Migration label added (e.g., 7.2.0-migration)
•  ↳ Migration issues created and linked
• [New Configuration] Does this change introduce a new configuration?
•  ↳ Label config added
•  ↳ Configuration is properly documented