- Access Tokens
- Refresh Tokens
- ID Tokens
- Registering localized descriptions for custom scopes
- Letting resource owners choose scopes to be authorized
- Scope attributes
- Client Management
- Authorization Endpoint
- Error Handling
- Client Authentication
- Userinfo Endpoint
Letting resource owners choose scopes to be authorized
Authlete enables developers to build an authorization page where end-users (or resource owners) can choose scopes, using scopes parameter at the /auth/authorization/issue endpoint.
Considering the user experience, sometimes we want to implement the authorization pages where end-users can choose their scopes. Authlete provides a function to achieve the requirement.
The scopes parameter at /auth/authorization/issue endpoint enables narrowing down scopes, which are initially requested in the corresponding authorization request. By giving a non-empty string array as the value of the scopes parameter, Authlete replaces the scopes with it.
Please bear in mind that this function only narrows down the scopes originally requested at /auth/authorization endpoint. The scopes parameter cannot add scopes that you did not request at the /aut/authorization endpoint.
How did we do with this article?