From 83210d58eeeb4ae3888ceec5c864bd2e0d7035fc Mon Sep 17 00:00:00 2001
From: Sachini De Silva <madusha.sachini@yahoo.com>
Date: Wed, 2 Apr 2025 11:45:05 +0530
Subject: [PATCH] Fix issue in validating scopes for secondary userstore users

---
 .../handlers/security/basicauth/BasicAuthAuthenticator.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/basicauth/BasicAuthAuthenticator.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/basicauth/BasicAuthAuthenticator.java
index 9b9d05f44d66..d42ddd0e25f8 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/basicauth/BasicAuthAuthenticator.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/basicauth/BasicAuthAuthenticator.java
@@ -206,14 +206,14 @@ public AuthenticationResponse authenticate(MessageContext synCtx) {
                 log.debug("Basic Authentication: Username and Password authenticated");
             }
             //scope validation
+            String domainQualifiedUserName = basicAuthValidationInfoObj.getDomainQualifiedUsername();
             boolean scopesValid = false;
             try {
                 scopesValid = basicAuthCredentialValidator
-                        .validateScopes(username, openAPI, synCtx, basicAuthValidationInfoObj);
+                        .validateScopes(domainQualifiedUserName, openAPI, synCtx, basicAuthValidationInfoObj);
             } catch (APISecurityException ex) {
                 return new AuthenticationResponse(false, isMandatory, true, ex.getErrorCode(), ex.getMessage());
             }
-            String domainQualifiedUserName = basicAuthValidationInfoObj.getDomainQualifiedUsername();
 
             if (scopesValid) {
                 if (APISecurityUtils.getAuthenticationContext(synCtx) == null) {