Scope Hints
When users try to access our EpicMe journaling app without proper permissions, they need clear guidance on what scopes are available and required. Without this information, clients can't know what to request during the OAuth authorization flow, leading to failed authentication attempts and frustrated users.
The solution is to provide a scope hint (called scopes_supported) in our OAuth protected resource metadata. This metadata tells clients exactly what scopes are supported and helps them understand what permissions they could request from the authorization server.

Here's how this works in practice. Imagine a smart home app that controls different devices:
// The protected resource metadata also lists supported scopes
function handleOAuthProtectedResourceRequest(request: Request) {
  return Response.json({
    resource: 'https://smarthome.example.com/api',
    authorization_servers: ['https://auth.smarthome.example.com'],
    scopes_supported: [
      'lights:read',
      'lights:write',
      'thermostat:read',
      'security:admin',
    ],
  })
}
The scopes_supported field in the protected resource metadata provides a complete list of all supported scopes across the entire system.

For more details on OAuth scope parameters, see the OAuth 2.0 Authorization Framework RFC.
Now, add the missing scopes_supported to help clients understand what permissions are available for our EpicMe journaling app.