Solved: Re: What oauth scope is needed to run a serverless function?

Radoslaw_Szulgo · ‎13 Dec 2022

I can't find in the documentation the scope needed in the configuration to run an app function. I guess that's a reason why I get 403 in the app when trying to call it?

Senior Product Manager,
Dynatrace Managed expert

sinisa_zubic · ‎13 Dec 2022

as long as you user has the policy app-engine:functions:run and app-engine:apps:run you should be covered. I never had to any scopes when I wanted to call the functions.

How do you call your function? do you do it with fetch(<relative url>) or with functions.call(<function name>)

michal_zawislak · ‎13 Dec 2022

Hi Radosław,

In addition to what Sinisa wrote; apps might require additional scopes that are necessary for them to work properly. Those scopes are defined in app.config.ts. Here's an Automations app example:

More details about the scopes setting: https://developer.dynatrace.com/reference/app-toolkit/configuration/#app-options

Your AutomationEngine ally!

Radoslaw_Szulgo · ‎13 Dec 2022

That's what I needed! I had to just add:

app-engine:apps:run
environment-api:credentials:read

@sinisa_zubic any plans to add it to the Dynatrace Developer portal?

Senior Product Manager,
Dynatrace Managed expert

sinisa_zubic · ‎13 Dec 2022

it is already in Dynatrace Developer in the SDK documentation. e.g. when you use the getCredentials function you can see the needed scope: https://developer.dynatrace.com/reference/sdks/client-classic-environment-v2/#getcredentials

also you see for which call you need the app-engine:apps:run scope, e.g. here: https://developer.dynatrace.com/reference/sdks/client-app-engine-registry/#getapp

There are ideas for improvement, but no timeline

What oauth scope is needed to run an app function?