OAuth2 Scopes Schema
  • 07 Oct 2024

Article summary

Within IAP Integration instances, support has been added for OAuth2 and OIDC authorization requests, including OAuth access tokens that carry the scopes parameter. The client (an app or website) uses the scopes parameter to tell the authorization provider which permissions it requires for the client's session.

Sample Scopes Schema

An example integration schema with its scopes declared in the authorizationCode flow is presented below. The example uses the BoxDev OAuth2 provider.

The scopes object is an enumerated map of scope_name: description covering every scope the OAuth provider offers; the user may choose a subset of these for the access token. The user declares that subset in the configuration of the integration instance.

{
  ...
  "components": {
    "securitySchemes": {
      "OAuth2Security": {
        "type": "oauth2",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "https://account.box.com/api/oauth2/authorize",
            "scopes": {
              "manage_app_users": "Provision and manage app users",
              "manage_data_retention": "Manage data retention policies",
              "manage_enterprise_properties": "Manage enterprise properties",
              "manage_groups": "Manage an enterprise's groups",
              "manage_legal_hold": "Manage Legal Holds",
              "manage_managed_users": "Provision and manage managed users",
              "manage_webhook": "Create webhooks programmatically through the API",
              "root_readonly": "Read all files and folders stored in Box",
              "root_readwrite": "Read and write all files and folders stored in Box"
            },
            "tokenUrl": "https://api.box.com/oauth2/token"
          }
        }
      }
    }
  }
}
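The following is an added example, not code from the IAP documentation or product: it reads the authorizationCode flow of a schema shaped like the one above, rejects any configured scope the provider does not enumerate, and builds the authorization request with the accepted subset in the space-delimited scope parameter. The client_id, redirect_uri and state values are constructed placeholders, and the schema is a trimmed copy of the BoxDev fragment with three of its scopes kept.

```python
from urllib.parse import urlencode

# Trimmed copy of the BoxDev schema fragment above (three of its scopes kept).
SCHEMA = {
    "components": {"securitySchemes": {"OAuth2Security": {
        "type": "oauth2",
        "flows": {"authorizationCode": {
            "authorizationUrl": "https://account.box.com/api/oauth2/authorize",
            "tokenUrl": "https://api.box.com/oauth2/token",
            "scopes": {
                "manage_groups": "Manage an enterprise's groups",
                "root_readonly": "Read all files and folders stored in Box",
                "root_readwrite": "Read and write all files and folders stored in Box",
            },
        }},
    }}},
}


def authorization_code_flow(schema, scheme="OAuth2Security"):
    """Return the authorizationCode flow object of the named security scheme."""
    return schema["components"]["securitySchemes"][scheme]["flows"]["authorizationCode"]


def validate_scopes(schema, requested):
    """Reject any configured scope the provider does not enumerate; return the
    accepted subset in schema order with duplicates removed."""
    declared = authorization_code_flow(schema)["scopes"]
    unknown = sorted(set(requested) - set(declared))
    if unknown:
        raise ValueError(f"scopes not declared by provider: {unknown}")
    return [name for name in declared if name in requested]


def build_authorize_url(schema, client_id, redirect_uri, requested, state):
    """Build the authorization request; scope is a space-delimited list (RFC 6749)."""
    flow = authorization_code_flow(schema)
    query = {
        "response_type": "code",
        "client_id": client_id,          # constructed values supplied by the caller
        "redirect_uri": redirect_uri,
        "scope": " ".join(validate_scopes(schema, requested)),
        "state": state,                  # CSRF binding for the callback
    }
    return f"{flow['authorizationUrl']}?{urlencode(query)}"
```

Only scopes present in the provider's enumeration reach the request, so a misspelled or unsupported scope fails at configuration time rather than at the provider.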

Sample Scope Configuration

An example integration instance is shown in Figure 1. In that configuration, the scope is set to "read write" for Microsoft Online.

Figure 1: Scope Configuration (screenshot of the instance's Scope field)

