Scope

Scope is a parameter as defined in the OAuth 2.0 standards (RFC6749) to enable a client to specify the scope of the access request. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings although some implementations of scope uses a comma-delimited format. Scopes limit access for OAuth2 tokens and do not grant any additional permission beyond that which the client already has.

Scopes apply to applications only. Scopes play a crucial part in defining the ultimate access to a resource by a User.

User’s Roles / Permissions + Claims + Application Scopes

Naming Conventions

Turium Enigma services follow these standard naming conventions for scopes.

Template: {resource}.{optional subresource}.{action}
Examples: mileage.rate.read
          receipts.read

List of v4 Actions

{actions} are common authorizations across resources.

Action Description Examples

Action	Description	Examples
`read`	Read only access (GET)	`receipts.read`, `budgetitem.read`
`write`	Read AND Write access (GET, POST, UPDATE etc)	`company.write`, `travel.receipts.write`
`writeonly`	Write only access	`mileage.journey.writeonly`, `receipts.writeonly`
`delete`	Delete access	N/A

read

Read only access (GET)

receipts.read, budgetitem.read

write

Read AND Write access (GET, POST, UPDATE etc)

company.write, travel.receipts.write

writeonly

Write only access

mileage.journey.writeonly, receipts.writeonly

delete

Delete access

N/A

PreviousMigration OAuth2 Best Practices

Last updated 1 year ago