For example, I defined my scope as "/ibm". If the client provides a scope of "/ibmtwo" the scope is still matched.
Answer by Chris Sloan (2789) | Apr 08, 2015 at 07:35 AM
The scope is a PCRE (Perl Compatible Regular Expressions). From the WebGUI help: "Specifies the PCRE to check the scope. The minimum length of the expression is 1 character. The maximum length of the expression is 1023 characters.".
The scope will not be a strict compare between two strings but rather the supplied scope from the client will be checked for a match based on the PCRE supplied. Therefore, there can be characters before and after the string "/ibm" as long as the string contains "/ibm".
In order to match an exact string, you could make use of the characters ^ and $ which denote start and end of a string. For example a scope ^/ibm$ will only match on "/ibm", not "/ibmtwo".
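The following is an added example, not part of the original answer or of DataPower itself: a small audit that checks a scope pattern against near-miss scope values, extending the answer's single case to alternation patterns. It assumes Python's `re` as a stand-in for PCRE (`^`, `$`, `|` and `(?:...)` behave the same in both for these inputs); the function names and probe values are constructed for illustration.

```python
import re

def scope_allowed(pattern, requested):
    # Unanchored search: the pattern may match anywhere in the requested
    # scope, which is the matching behaviour the answer describes.
    return re.search(pattern, requested) is not None

def probes_for(scope):
    # Constructed near-miss variants of one intended scope value.
    return [scope + "two", "x" + scope, scope + "/extra", scope.upper()]

def audit(pattern, intended):
    """Return (over, missed): near-miss scopes the pattern wrongly accepts,
    and intended scopes it fails to accept."""
    over = [p for s in intended for p in probes_for(s)
            if p not in intended and scope_allowed(pattern, p)]
    missed = [s for s in intended if not scope_allowed(pattern, s)]
    return over, missed

if __name__ == "__main__":
    cases = [
        ("/ibm", ["/ibm"]),                          # unanchored, as in the question
        ("^/ibm$", ["/ibm"]),                        # anchored, as in the answer
        ("^/ibm|/admin$", ["/ibm", "/admin"]),       # anchors bind to one branch each
        ("^(?:/ibm|/admin)$", ["/ibm", "/admin"]),   # group, then anchor
    ]
    for pattern, intended in cases:
        over, missed = audit(pattern, intended)
        print(f"{pattern!r}: over-matches={over} missed={missed}")
```

With alternation, `^` and `$` each attach to only one branch unless the branches are grouped, so `^/ibm|/admin$` still accepts values such as "/ibmtwo".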