OpenIAM oAuth Scopes

Overview

Scopes in OAuth 2.0 provide a way to limit the amount of access that is granted to an access token. You can select the scopes from a dropdown on the edit oAuth client page. Note that scopes in OpenIAM are resources, and you can manage them through the resource interface. For more about OAuth scopes, see the specification: https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
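The following added example illustrates the RFC 6749 section 3.3 rules linked above; it is not OpenIAM code. It parses the scope parameter, narrows it to the scopes allowed for a client (standing in for the ones selected on the edit oAuth client page), and checks a token's scope on the resource side. The scope names and function names are constructed for the illustration.

```python
import re

# RFC 6749 section 3.3: scope = scope-token *( SP scope-token )
# scope-token = 1*( %x21 / %x23-5B / %x5D-7E ); tokens are case-sensitive.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


class InvalidScope(ValueError):
    """Corresponds to the 'invalid_scope' error code of RFC 6749."""


def parse_scope(raw):
    """Split a scope parameter into an ordered list of unique tokens."""
    if not raw:
        return []
    tokens = []
    for tok in raw.split(" "):  # exactly one SP between tokens
        if not SCOPE_TOKEN.fullmatch(tok):
            raise InvalidScope(f"malformed scope token: {tok!r}")
        if tok not in tokens:
            tokens.append(tok)
    return tokens


def grant_scope(requested_raw, client_allowed, default=()):
    """Return (granted, scope_to_echo); scope_to_echo is None when the
    issued scope equals the requested one and need not be returned."""
    requested = parse_scope(requested_raw)
    effective = requested or list(default)  # omitted scope: fall back to default
    if not effective:
        raise InvalidScope("no scope requested and no default configured")
    granted = [s for s in effective if s in client_allowed]
    if not granted:
        raise InvalidScope("requested scope is not allowed for this client")
    # The server must return 'scope' when what it issued differs from the request.
    echoed = " ".join(granted) if granted != requested else None
    return granted, echoed


def token_permits(token_scope_raw, required):
    """Exact, case-sensitive token match; never a substring test on the raw string."""
    return required in parse_scope(token_scope_raw)
```
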

Default Scopes

OpenIAM provides a set of 21 default scopes. You can find them in the resource menu by filtering on type equals 'oAuth Scope'.

Scope list

Names of the scopes are self-explanatory.

Custom Scopes

OpenIAM allows you to create custom scopes. To do so, create a new resource with type 'oAuth Scope' and provide a link to a Groovy script in the field 'Groovy Script'. Enable the checkbox 'Is Public'; this is a mandatory condition for a scope resource. The script must extend the AbstractOauthScopeResolver class and override the method getValue. The output of the script will be sent as the value of the scope. You can find examples of such scripts in the Groovy manager, in the folder '/AM/oauth/'.