From the course: Web Security: OAuth and OpenID Connect


Designing and using OAuth scopes


- [Narrator] Now that we've talked about grant types or flows, let's talk about scopes and permissions. In OAuth, a scope is simply a set of permissions you can request. They can be simple like create, read, update or delete, or as complex as you want. I always recommend that you start as simply as you can. It's always easy to get more complicated over time but exceptionally difficult to simplify things once people start using your implementation, and frankly, this is one of the first places where OAuth will give you headaches. For OAuth scopes, there isn't a standard naming format. The only real requirement is that they're unique strings within a given OAuth provider. With that in mind, let's look at some implementations. Within GitHub, if you look at the scopes, they're all over the place. My favorites are the scopes for a repository. If you want full access to a repository, you can request the repo scope. On the other…
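As an added example (not part of the course), here is a small Python model of the ideas above: a provider parses and validates the space-delimited scope parameter against its own registry of unique scope strings, and a resource server checks that a token's granted scopes cover what an endpoint requires. The scope names and the "broad scope implies narrower scopes" rules are a constructed scheme for a hypothetical provider, not GitHub's actual scope list.

```python
"""Minimal OAuth scope model: validate requested scopes at the provider and
enforce endpoint scope requirements against an issued token."""

# Constructed scope registry for a hypothetical provider (assumption, not a
# real provider's list). Keys are the unique scope strings; each value is the
# set of narrower scopes that scope implies, so a broad "repo" scope grants
# everything the finer-grained repo scopes would.
SCOPE_REGISTRY: dict[str, set[str]] = {
    "repo": {"repo:read", "repo:write", "repo:delete"},
    "repo:read": set(),
    "repo:write": {"repo:read"},
    "repo:delete": set(),
    "user:read": set(),
}


def parse_scope_param(scope_param: str) -> list[str]:
    """RFC 6749 section 3.3: the scope parameter is a space-delimited list of
    case-sensitive strings. Empty entries and duplicates are dropped."""
    seen: list[str] = []
    for s in scope_param.split(" "):
        if s and s not in seen:
            seen.append(s)
    return seen


def validate_requested_scopes(scope_param: str) -> tuple[list[str], list[str]]:
    """Split a request's scope parameter into (known, unknown) scopes.
    A provider should reject unknown strings rather than silently grant them."""
    requested = parse_scope_param(scope_param)
    known = [s for s in requested if s in SCOPE_REGISTRY]
    unknown = [s for s in requested if s not in SCOPE_REGISTRY]
    return known, unknown


def expand_scopes(granted) -> set[str]:
    """Effective permission set: each granted scope plus everything it
    implies, followed transitively through the registry."""
    effective: set[str] = set()
    stack = list(granted)
    while stack:
        s = stack.pop()
        if s in effective or s not in SCOPE_REGISTRY:
            continue
        effective.add(s)
        stack.extend(SCOPE_REGISTRY[s])
    return effective


def token_allows(granted_scopes, required) -> bool:
    """Resource-server check: the token must cover every required scope."""
    return set(required) <= expand_scopes(granted_scopes)
```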
