API Scope Configuration

Configuration of the scope of access that the client requests.

The original OAuth 2.0 specification has the concept of scopes, defined simply as the scope of access that the client requests. Technically speaking, the scope parameter is a list of space-delimited values; the specification leaves their structure and semantics for you to define.

More complex systems often introduce the notion of a resource, for example a physical or logical API. In turn, each API can potentially have scopes as well. Some scopes might be exclusive to that resource, and some scopes might be shared.

Configuration Parameters
  • Name - The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.

  • Display Name - This value can be used e.g. on the consent screen.

  • Description - This value can be used e.g. on the consent screen.

  • Show In Discovery Document - Specifies whether this scope is shown in the discovery document. Defaults to true.

  • Enabled - Indicates if this resource is enabled and can be requested. Defaults to true.

  • Properties - Dictionary to hold any custom API resource-specific values as needed.

    • Key - Key

    • Value - Value

  • User Claims - List of associated user claim types that should be included in the access token.
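
The following added example (not the product's own code) shows how the parameters above could drive the handling of a request's space-delimited scope parameter. The class, function and scope names are hypothetical. Rejecting unknown or disabled scopes instead of dropping them, and keeping hidden scopes requestable, are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class ApiScope:
    # Field names mirror the configuration parameters listed above.
    name: str
    display_name: str = ""
    description: str = ""
    show_in_discovery_document: bool = True  # documented default
    enabled: bool = True                     # documented default
    properties: dict = field(default_factory=dict)
    user_claims: tuple = ()

# Constructed sample configuration (hypothetical scope names).
SCOPES = {s.name: s for s in (
    ApiScope("invoice.read", "Read invoices", user_claims=("department",)),
    ApiScope("invoice.pay", "Pay invoices", user_claims=("department", "role")),
    ApiScope("legacy.export", enabled=False),
    ApiScope("internal.audit", show_in_discovery_document=False),
)}

class InvalidScope(Exception):
    """Raised when a request names a scope that cannot be granted."""

def parse_scope_param(raw):
    # Space-delimited list; duplicates collapse, first-seen order is kept.
    return list(dict.fromkeys(raw.split()))

def evaluate_request(raw, registry=SCOPES):
    granted, claims = [], []
    for name in parse_scope_param(raw):
        scope = registry.get(name)
        # Assumption: fail closed on unknown or disabled scopes.
        if scope is None or not scope.enabled:
            raise InvalidScope(name)
        granted.append(name)
        # Union of the user claim types tied to each granted scope.
        claims.extend(c for c in scope.user_claims if c not in claims)
    if not granted:
        raise InvalidScope("(empty)")
    return {"scope": " ".join(granted), "user_claims": claims}

def discovery_scopes(registry=SCOPES):
    # Assumption: hiding a scope only removes it from the published list.
    return sorted(s.name for s in registry.values()
                  if s.enabled and s.show_in_discovery_document)
```
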