Working with Scopes
This is a paid feature.
You can click on the Enable Paid Features button on our dashboard, and follow the steps from there on. Once enabled, this feature is free on the provided development environment.
The allowed scopes are set during the creation process of an OAuth2 Client.
By default, our OAuth2 implementation adds the following built-in scopes:
email
: adds theemail
,emails
andemail_verified
claims into the ID Token and the User Info.phoneNumber
: adds thephoneNumber
,phoneNumbers
andphoneNumber_verified
claims into the ID Token and the User Inforoles
: adds the roles claim into the ID Token and Access Token.- This will contain the roles returned by
getRolesForUser
- This only works if the
UserRoles
recipe is initialized
- This will contain the roles returned by
permissions
: adds thepermissions
claim into the ID Token and Access Token.- This will contain the list of permissions obtained by concatenating the result of
getPermissionsForRole
for all roles returned bygetRolesForUser
- This only works if the
UserRoles
recipe is initialized
- This will contain the list of permissions obtained by concatenating the result of
Requesting Specific Scopes
The client can request specific scopes by adding scope
query param to the Authorization URL.
The requested scopes have to be a subset of what is allowed for the client, otherwise the authentication request will fail.
By default all scopes are granted to the client.
Overriding granted scopes
If you want to manually modify the list of scopes that are granted to the client during the authentication flow you can do this by using overrides.
import OAuth2Provider from "supertokens-node/recipe/oauth2provider";
OAuth2Provider.init({
override: {
functions: (originalFunctions) => ({
...originalFunctions,
getRequestedScopes: async (input) => {
const originallyRequestedScopes = await originalFunctions.getRequestedScopes(input);
const filteredScopes = originallyRequestedScopes.filter((scope) => scope !== "profile");
return [...filteredScopes, "custom-scope"];
},
}),
},
});