[GCZ] Scope parameter for the OAuthToken request is not supported for client Credential OAuthFlow
Receiving the GCZ 'GET_COUNT_EXCEPTION' error while testing the GCZ application in an Azure environment. Once the application is deployed, after starting the Transformer application, it throws the error in the OAuth flow.
PFB the app logs for reference:
[INFO ] 2023-03-10 06:35:45.844 [main] TransformerApplication - The following profiles are active: local
[INFO ] 2023-03-10 06:35:47.219 [main] LocalFeatureCache - Starting Ignite...
[INFO ] 2023-03-10 06:35:51.234 [main] LocalFeatureCache - Ignite is started
[INFO ] 2023-03-10 06:35:51.594 [main] OAuthTokenUtils - OSDU OAuth parameters are valid
[INFO ] 2023-03-10 06:35:52.141 [main] TransformerApplication - Started TransformerApplication in 7.954 seconds (JVM running for 9.883)
[INFO ] 2023-03-10 06:35:52.172 [pool-2-thread-1] FeatureCacheSynchronizerHelper - Begin Batch Synchronize of 2000 for kind: 'osdu:wks:master-data--Well:1.0.0'
[INFO ] 2023-03-10 06:35:52.172 [pool-2-thread-4] FeatureCacheSynchronizerHelper - Begin Batch Synchronize of 2000 for kind: 'osdu:wks:work-product-component--SeismicTraceData:1.0.0'
[INFO ] 2023-03-10 06:35:52.172 [pool-2-thread-2] FeatureCacheSynchronizerHelper - Begin Batch Synchronize of 2000 for kind: 'osdu:wks:master-data--Wellbore:1.0.0'
[INFO ] 2023-03-10 06:35:52.172 [pool-2-thread-3] FeatureCacheSynchronizerHelper - Begin Batch Synchronize of 2000 for kind: 'osdu:wks:master-data--SeismicAcquisitionSurvey:1.0.0'
[ERROR] 2023-03-10 06:35:52.906 [pool-2-thread-1] FeatureCacheSynchronizerHelper - GET_COUNT_EXCEPTION
[ERROR] 2023-03-10 06:35:52.906 [pool-2-thread-3] FeatureCacheSynchronizerHelper - GET_COUNT_EXCEPTION
[ERROR] 2023-03-10 06:35:52.906 [pool-2-thread-2] FeatureCacheSynchronizerHelper - GET_COUNT_EXCEPTION
[ERROR] 2023-03-10 06:35:52.922 [pool-2-thread-4] FeatureCacheSynchronizerHelper - GET_COUNT_EXCEPTION
We verified the search query endpoints for the configured 'kind' data, and they return the result data correctly. However, the same request from the GCZ environment is not succeeding and throws the get count error!!
After further analysis and localhost troubleshooting with the GCZ dev team, it seems the scope parameter is missing from the OAuthToken request for the Client Credentials OAuth flow in Azure. Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret
Solution: Provide 'scope' as a parameter for the OAuthToken request for the Client Credentials flow. This needs to be fixed to avoid runtime authorization failures.
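Added example (not GCZ code and not part of the original report): a startup-time check and request builder for the shared-secret client credentials request described in the Microsoft reference above, so a missing 'scope' is reported before any synchronization thread asks for a token. The function names, tenant GUID, client id and application ID URI are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit

V2_TOKEN_SUFFIX = "/oauth2/v2.0/token"  # Microsoft identity platform v2.0 token path


def check_config(token_url, client_id, client_secret, scope):
    """Return a list of configuration problems (empty list means usable)."""
    problems = []
    parts = urlsplit(token_url or "")
    if parts.scheme != "https" or not parts.netloc:
        problems.append("token URL must be an absolute https URL")
    if not client_id:
        problems.append("client_id is empty")
    if not client_secret:
        problems.append("client_secret is empty")
    # Only the v2.0 endpoint is checked for scope in this sketch.
    if parts.path.rstrip("/").endswith(V2_TOKEN_SUFFIX):
        scopes = (scope or "").split()
        if not scopes:
            problems.append("scope is missing: the v2.0 endpoint requires it")
        elif any(not s.endswith("/.default") for s in scopes):
            problems.append("scope must be '<resource>/.default' for this grant")
    return problems


def build_token_request(token_url, client_id, client_secret, scope):
    """Return (url, headers, body) for the token POST, or raise ValueError."""
    problems = check_config(token_url, client_id, client_secret, scope)
    if problems:
        raise ValueError("; ".join(problems))
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # never write this value to logs
    }
    if scope:
        form["scope"] = scope
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, urlencode(form)


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the report.
    url = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token"
    print(check_config(url, "example-client-id", "example-secret", ""))
    _, _, body = build_token_request(
        url, "example-client-id", "example-secret",
        "api://11111111-1111-1111-1111-111111111111/.default")
    print(body.replace("example-secret", "***"))
```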