Define & Configure Custom Scopes

• Set up custom scopes in Keycloak based on project needs.

• Ensure the scopes align with existing taxonomy definitions:

• Scopes will be in the format XxxYyy, where:

  • Xxx = Read authorises GET requests

  • Xxx = Write authorises POST/PUT/PATCH requests (I think we want a separate Xxx = Delete, if it comes up)

  • Yyy = Enterprise will cover access to Enterprise endpoints

  • Yyy = Products will cover access to Product endpoints (SuppliedProduct, CatalogItem, Offer, Price

  • Yyy = Orders will cover access to Order endpoints (Orders, OrderLines - probably also needs to include ReadProducts or it isn't useful)

Agree scope is limited to Xxx = Read for now. Only Yyy = Enterprise will be required by CQCM initially, other portals will also require Yyy = Products