Scope attributes

Overview


This article describes scope attributes. 


What are scope attributes?


Scopes attributes are arbitrary key-value pairs associated with a scope. You can configure multiple scope attributes for each scope and utilize them for authorization decision and other processing in your authorization server. Some of attributes are predefined by Authlete to be used for system settings.

The key and value of a scope attribute are string values and each scope can have multiple scope attributes. 

How to create scope attributes


You can create scope attributes at Service Owner Console as below.

  1. Open the edit page for your service at Service Owner Console.
  2.  Click "Create Scope" button to open a dialog box for creating a new scope.
  3.  Click "New Attribute" button.
  4.  Enter a key-value pair of the attribute and then click "Create" button. Note that key and value are string type.

Predefined scope attributes


The scope attributes listed below are predefined by Authlete for special purposes.
Attribute key
Attibute value
Description
access_token.duration
number
This attribute is used to configure access token duration for each scope. For more details, see "Configure duration of access tokens and refresh tokens for each scope".
refresh_token.duration
number
This attribute is used to configure refresh token duration for each scope. For more details, see "Configure duration of access tokens and refresh tokens for each scope".
fapi
r
This is used to enable FAPI read-only API profile on Authlete. For more details see "How to use FAPI feature".
fapi
rw
This is used to enable FAPI read-and-write API profile on Authlete. For more details see "How to use FAPI feature".


How to use scope attributes


You can utilize scope attributes for various use cases. The following code snippet of an authorization server is an example using Authlete's /auth/authorization API for parsing an authorization request from a client, and doing something  based on attributes of scopes included in the request.

// Call Authlete /api/authorization API.
AuthorizationResponse res = callAuthorizationAPI();

// Get scopes contained in the original authorization request.
Scope[] scopes = res.getScopes(); 

if (scopes == null || scopes.length() == 0)
{
    return;
}

// Check each scope's attributes.
for (Scope scp in scopes)
{
    // Get the scope attributes of the scope.
    Pair[] attributes = scp.getAttributes();

    if (attributes == null || attributes.length() == 0)
    {
        continue;
    }

    // Check each attributes.
    for (Pair attr in attributes)
    {
        // The key of the attribute.
        String key = attr.getKey();

        // The value of the attirbute.
        String value = attr.getValue();

        // If the key is the target one.
        if ("targetkey".equals(key))
        {
            // Do something with the value.
            doSomething(value);
        }
    }
}

How did we do with this article?