Letting resource owners choose scopes to be authorized


Authlete enables developers to build an authorization page where end-users (or resource owners) can choose scopes, using scopes parameter at the /auth/authorization/issue endpoint.


Considering the user experience, sometimes we want to implement the authorization pages where end-users can choose their scopes. Authlete provides a function to achieve the requirement.

The scopes parameter at /auth/authorization/issue endpoint enables narrowing down scopes, which are initially requested in the corresponding authorization request. By giving a non-empty string array as the value of the scopes parameter, Authlete replaces the scopes with it.

Please bear in mind that this function only narrows down the scopes originally requested at /auth/authorization endpoint. The scopes parameter cannot add scopes that you did not request at the /aut/authorization endpoint.

How did we do with this article?