The purpose of OAuth 2.0 scopes is to limit the authorization that the resource owner (the user) grants to a client: a token should carry no more than the client was allowed to request and the user agreed to grant.
With Airlock IAM as AS, this is implemented as follows:
- The client requests a set of scopes when starting an OAuth flow.
- The AS applies a scope policy. Depending on the scope policy configuration, the policy validates the scopes the client requested.
- The AS filters out the scopes the policy does not allow for this client.
- The AS presents the remaining (filtered) scopes to the user during authentication.
- The user decides which of these scopes to grant, through local or remote consent.
- The AS scope processor adds claims to the resulting tokens based only on the granted scopes.
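The following Python model walks through the pipeline above end to end (request, policy, filter, consent, claims). It is an added illustration, not Airlock IAM's code or configuration format: the `ScopePolicy` class with its `filter`/`strict` modes, the `SCOPE_CLAIMS` table, the consent callback and the user attribute record are all assumptions chosen to make the flow concrete. The `strict` mode goes slightly beyond the page by showing what a policy that rejects (rather than filters) a disallowed scope looks like.

```python
"""Model of an AS scope pipeline: request -> policy -> filter -> consent -> claims.

Added example; not Airlock IAM's implementation. Every name below is a
hypothetical stand-in for the corresponding configuration element.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Tuple


class ScopeError(Exception):
    """A requested scope failed policy validation (OAuth error: invalid_scope)."""


def parse_scope(scope_param: str) -> List[str]:
    """Split the space-delimited OAuth `scope` parameter into unique tokens (order kept)."""
    tokens = [t for t in scope_param.split(" ") if t]
    return list(dict.fromkeys(tokens))


@dataclass(frozen=True)
class ScopePolicy:
    """Assumed per-client policy: which scopes may be requested and how to treat the rest."""
    allowed: FrozenSet[str]
    mode: str = "filter"   # "filter": drop disallowed scopes; "strict": reject the request

    def apply(self, requested: Iterable[str]) -> List[str]:
        requested = list(requested)
        disallowed = [s for s in requested if s not in self.allowed]
        if disallowed and self.mode == "strict":
            raise ScopeError("invalid_scope: " + " ".join(disallowed))
        # Filter mode: silently remove what this client may not ask for.
        return [s for s in requested if s in self.allowed]


# Constructed mapping from granted scopes to the claims they justify in a token.
SCOPE_CLAIMS: Dict[str, List[str]] = {
    "openid": ["sub"],
    "profile": ["name", "preferred_username"],
    "email": ["email", "email_verified"],
    "payments:write": ["payment_limit"],
}

# Constructed user record standing in for the identity store.
USER_ATTRIBUTES: Dict[str, object] = {
    "sub": "u-123",
    "name": "Alice",
    "preferred_username": "alice",
    "email": "alice@example.com",
    "email_verified": True,
    "payment_limit": 500,
}


def process_scopes(granted: Iterable[str], user: Dict[str, object]) -> Dict[str, object]:
    """Scope processor: emit only claims that a granted scope justifies and the user actually has."""
    claims: Dict[str, object] = {}
    for scope in granted:
        for claim in SCOPE_CLAIMS.get(scope, []):   # unknown scopes yield no claims
            if claim in user:
                claims[claim] = user[claim]
    return claims


def authorize(requested: Iterable[str], policy: ScopePolicy,
              consent: Callable[[str], bool],
              user: Dict[str, object]) -> Tuple[List[str], Dict[str, object]]:
    """Run the full pipeline; returns (granted scopes, token claims)."""
    filtered = policy.apply(requested)                 # policy validation + filter
    granted = [s for s in filtered if consent(s)]      # user decides per presented scope
    return granted, process_scopes(granted, user)      # claims derive from granted scopes only


if __name__ == "__main__":
    policy = ScopePolicy(allowed=frozenset({"openid", "profile", "email"}))
    requested = parse_scope("openid profile email admin")   # "admin" is not allowed
    # Consent stand-in: the user refuses the email scope.
    granted, claims = authorize(requested, policy, lambda s: s != "email", USER_ATTRIBUTES)
    print("granted:", granted)
    print("claims:", claims)
```

The two places where authorization can shrink are deliberately separate: the policy decides what the client may ever ask for (and, in `strict` mode, turns an over-broad request into an `invalid_scope` error instead of quietly trimming it), while consent decides what this user grants. Claims are computed from the granted list only, so a scope that was filtered or refused never leaks attributes into the token.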