Scopes
Scopes in Authentication > OAuth Service lists scopes authorized for relying parties.
A scope is a string with the following characteristics:
- 1 to 64 ASCII characters in length
- Case-sensitive
- Allowed characters are all printable ASCII characters (0x21 to 0x7E), except the double quote " (0x22) and the backslash \ (0x5C).
There are two types of scopes:
- Default: Scope is always assigned to the OAuth session, even if the relying party does not request it.
- Optional: Scope is only assigned to the OAuth session if the relying party explicitly requests it.
When forming a list of more than one scope, each scope is separated by a whitespace, e.g., " |
A default |
To configure a scope:
- From the Scopes list, select Create New to create a new OAuth scope.
  The Create New OAuth Scope window opens.
- Enter the following information:
  Name: The name of the scope.
  Note: The name appears in the scope parameter of the API endpoints.
  Description: A string value.
- Click Save.
To add a scope to a relying party:
- When editing a relying party, select Add Relying Party Scope in the Relying Party Scopes pane.
- From the Scope dropdown, select a scope.
- In Scope Type, select either Optional or Default.
  The default openid scope is already added and can be removed by clicking x.
  The scopes included in the default and optional lists must be mutually exclusive, i.e., the same scope must not appear in both default and optional lists.
- Click Save to save the relying party or click Add Relying Party Scope to create another scope before saving your changes.
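
The scope rules above (length, allowed characters, case sensitivity, mutually exclusive default and optional lists, and default versus optional assignment) can be checked before a configuration is saved. The following is an added example, not code from the product; the function names are hypothetical, and it reports requested scopes that appear in neither list separately because this page does not say how those are handled.

```python
import re

# Scope syntax from this page: 1 to 64 characters, printable ASCII 0x21-0x7E,
# excluding the double quote (0x22) and the backslash (0x5C).
SCOPE_RE = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]{1,64}")


def is_valid_scope(scope: str) -> bool:
    """True if the string satisfies the scope characteristics listed above."""
    return SCOPE_RE.fullmatch(scope) is not None


def check_relying_party(default: list[str], optional: list[str]) -> list[str]:
    """Return the problems found in a relying party's scope lists (empty = OK)."""
    problems = [f"invalid scope name: {s!r}"
                for s in default + optional if not is_valid_scope(s)]
    # Scopes are case-sensitive, so "Openid" and "openid" are different scopes
    # and do not count as the same scope appearing in both lists.
    for s in sorted(set(default) & set(optional)):
        problems.append(f"scope in both default and optional lists: {s!r}")
    return problems


def session_scopes(requested: str, default: list[str],
                   optional: list[str]) -> tuple[list[str], list[str]]:
    """Model the assignment rule: default scopes are always assigned, optional
    scopes only when requested. Returns (assigned, unrecognized).

    Assumption: `requested` is the whitespace-separated scope parameter value.
    """
    assigned = list(default)
    unrecognized = []
    for s in requested.split():
        if s in optional:
            if s not in assigned:
                assigned.append(s)
        elif s not in default:
            unrecognized.append(s)  # handling of these is not stated on this page
    return assigned, unrecognized


if __name__ == "__main__":
    # Constructed sample configuration, for illustration only.
    print(check_relying_party(["openid"], ["profile", "openid", 'bad"name']))
    print(session_scopes("profile admin", ["openid"], ["profile", "email"]))
```
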