What are scopes?

• Scope of access

• Keys, not values

• Requested by the client

• Consented to by the user (sometimes)

• Authorized by the authorization server

• Used to express client privileges

  • Not user level privileges

• Examples

  • read

  • openid

  • user_invoice_update

  • user_invoice_read