ORCID · amontenegro · Feb 20, 2025
diff --git a/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java b/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java
@@ -88,7 +88,14 @@ public class OrcidExceptionMapper implements ExceptionMapper<Throwable> {
     public Response toResponse(Throwable t) {
         // Whatever exception has been caught, make sure we log it.
         String clientId = securityManager.getClientIdFromAPIRequest();
-        if(t instanceof OrcidDeprecatedException
+        if(t instanceof OrcidInvalidScopeException) {
+            // This exception happens on client_credentials grant, so, the security manager doesn't have the client id info
+            OrcidInvalidScopeException ex = (OrcidInvalidScopeException) t;
+            if(clientId == null) {
+                clientId = ex.getClientId();
+            }
+            logShortError(t, clientId);
+        } else if(t instanceof OrcidDeprecatedException
                 || t instanceof LockedException
                 || t instanceof DeactivatedException
                 || t instanceof OrcidNoBioException

diff --git a/.../src/main/java/org/orcid/api/common/oauth/OrcidClientCredentialEndPointDelegatorImpl.java b/.../src/main/java/org/orcid/api/common/oauth/OrcidClientCredentialEndPointDelegatorImpl.java
@@ -131,7 +131,7 @@ public Response obtainOauth2Token(String authorization, MultivaluedMap<String, S
                     if(scopeType.isInternalScope()) {
                         // You should not allow any internal scope here! go away!
                         String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[]{});
-                        throw new OrcidInvalidScopeException(message);
+                        throw new OrcidInvalidScopeException(message, clientId, scope);
                     } else if(OrcidOauth2Constants.GRANT_TYPE_CLIENT_CREDENTIALS.equals(grantType)) {
                         if(!scopeType.isClientCreditalScope())
                             toRemove.add(scope);
@@ -147,7 +147,10 @@ public Response obtainOauth2Token(String authorization, MultivaluedMap<String, S
             }                        
         } catch (IllegalArgumentException iae) {
             String message = localeManager.resolveMessage("apiError.9015.developerMessage", new Object[]{});
-            throw new OrcidInvalidScopeException(message);
+            if(scopes != null) {
+                message += " Provided scopes: " + String.join(",", scopes);
+            }
+            throw new OrcidInvalidScopeException(message, clientId, iae.getMessage());
         }
 
         try{

diff --git a/orcid-core/src/main/java/org/orcid/core/exception/OrcidInvalidScopeException.java b/orcid-core/src/main/java/org/orcid/core/exception/OrcidInvalidScopeException.java
@@ -11,11 +11,28 @@ public class OrcidInvalidScopeException extends ApplicationException {
 
     private static final long serialVersionUID = 1L;
 
+    private String clientId;
+    private String scope;
+
     public OrcidInvalidScopeException() {
         super();
     }
 
     public OrcidInvalidScopeException(String message) {
         super(message);
     }
+
+    public OrcidInvalidScopeException(String message, String clientId, String scope) {
+        super(message);
+        this.clientId = clientId;
+        this.scope = scope;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public String getScope() {
+        return scope;
+    }
 }