Scope Hints

πŸ‘¨β€πŸ’Ό When users try to access our EpicMe journaling app without proper permissions, they need clear guidance on what scopes are available and required. Without this information, clients can't know what to request during the OAuth authorization flow, leading to failed authentication attempts and frustrated users.
The solution is to provide a scope hint (called scopes_supported) in our OAuth protected resource metadata. This metadata tells clients exactly which scopes are supported and helps them understand what permissions they can request from the authorization server.
Here's how this works in practice. Imagine a smart home app that controls different devices:
// The protected resource metadata also lists supported scopes
function handleOAuthProtectedResourceRequest(request: Request) {
	return Response.json({
		resource: 'https://smarthome.example.com/api',
		authorization_servers: ['https://auth.smarthome.example.com'],
		scopes_supported: [
			'lights:read',
			'lights:write',
			'thermostat:read',
			'security:admin',
		],
	})
}
The scopes_supported in the protected resource metadata provides a complete list of all supported scopes across the entire system.
📜 For more details on OAuth scope parameters, see the OAuth 2.0 Authorization Framework RFC.
Now, add the missing scopes_supported to help clients understand what permissions are available for our EpicMe journaling app.
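As an added example (not the workshop's own code), here is both sides of the scope hint: the resource server publishing scopes_supported for EpicMe, with a publish-time check that the scope names are well formed, and a client using that list to decide which scopes it can request before building the authorization request. The EpicMe URLs and scope names are constructed for this example; the workshop does not list them.

```typescript
// Added example, not the workshop's own code. URLs and scope names below are
// constructed for illustration; the workshop does not list EpicMe's scopes.

type ProtectedResourceMetadata = {
	resource: string
	authorization_servers: string[]
	scopes_supported: string[]
}

// Resource-server side: the metadata document EpicMe publishes.
function epicMeProtectedResourceMetadata(): ProtectedResourceMetadata {
	return {
		resource: 'https://epicme.example.com/api', // hypothetical
		authorization_servers: ['https://auth.epicme.example.com'], // hypothetical
		scopes_supported: ['entries:read', 'entries:write', 'tags:read', 'tags:write'], // constructed
	}
}

// Publish-time sanity check: scope names must be unique, non-empty and free of
// whitespace, because clients join them with spaces in the scope parameter.
// Returns a list of problems; an empty list means the metadata is fine.
function validateScopesSupported(metadata: ProtectedResourceMetadata): string[] {
	const problems: string[] = []
	const seen = new Set<string>()
	for (const scope of metadata.scopes_supported) {
		if (scope.length === 0 || /\s/.test(scope)) problems.push(`invalid scope name: "${scope}"`)
		if (seen.has(scope)) problems.push(`duplicate scope: "${scope}"`)
		seen.add(scope)
	}
	if (!metadata.resource.startsWith('https://')) problems.push('resource must be an https URL')
	return problems
}

// Client side: split the scopes the client wants into the ones this resource
// actually offers and the ones it does not, instead of sending an unsupported
// scope and getting an invalid_scope error back from the authorization server.
function planScopeRequest(metadata: ProtectedResourceMetadata, wanted: string[]) {
	const supported = new Set(metadata.scopes_supported)
	const requestable = wanted.filter((s) => supported.has(s))
	const unsupported = wanted.filter((s) => !supported.has(s))
	return { scope: requestable.join(' '), unsupported }
}

// Client side: build the authorization request with a space-delimited scope
// parameter (RFC 6749 section 3.3) against the first listed authorization server.
function buildAuthorizationUrl(
	metadata: ProtectedResourceMetadata,
	clientId: string,
	redirectUri: string,
	scope: string,
	state: string,
): string {
	// Assumes the AS exposes /authorize; a real client discovers the endpoint
	// from the authorization server's own metadata document.
	const url = new URL('/authorize', metadata.authorization_servers[0])
	url.searchParams.set('response_type', 'code')
	url.searchParams.set('client_id', clientId)
	url.searchParams.set('redirect_uri', redirectUri)
	url.searchParams.set('scope', scope)
	url.searchParams.set('state', state)
	url.searchParams.set('resource', metadata.resource) // RFC 8707 resource indicator
	return url.toString()
}

// Stand-alone walkthrough: publish, validate, plan, and build the request.
const epicMeMetadata = epicMeProtectedResourceMetadata()
console.log('metadata problems:', validateScopesSupported(epicMeMetadata))
const epicMePlan = planScopeRequest(epicMeMetadata, ['entries:read', 'entries:write', 'admin:all'])
console.log('requesting:', epicMePlan.scope, '| not offered:', epicMePlan.unsupported)
console.log(
	buildAuthorizationUrl(epicMeMetadata, 'client-1', 'https://app.example.com/cb', epicMePlan.scope, 'xyz'),
)
```

The unsupported list is what a client should surface to the user (or log) rather than silently dropping: if a feature needs a scope the resource never advertises, that is a configuration problem to fix, not something to retry.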
