Scope

Scope is a parameter as defined in the OAuth 2.0 standards (RFC6749) to enable a client to specify the scope of the access request. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings although some implementations of scope uses a comma-delimited format. Scopes limit access for OAuth2 tokens and do not grant any additional permission beyond that which the client already has.

Scopes apply to applications only. Scopes play a crucial part in defining the ultimate access to a resource by a User.

User’s Roles / Permissions + Claims + Application Scopes

Naming Conventions

Turium Enigma services follow these standard naming conventions for scopes.

Template: {resource}.{optional subresource}.{action}
Examples: mileage.rate.read
          receipts.read

List of v4 Actions

{actions} are common authorizations across resources.

Action

Description

Examples

read

Read only access (GET)

receipts.read, budgetitem.read

write

Read AND Write access (GET, POST, UPDATE etc)

company.write, travel.receipts.write

writeonly

Write only access

mileage.journey.writeonly, receipts.writeonly

delete

Delete access

N/A

PreviousMigration OAuth2 Best Practices

Last updated 2 years ago

Was this helpful?