Which UI do you use?

Custom UI

Pre built UI

Paid Feature

This is a paid feature.

You can click on the Enable Paid Features button on our dashboard, and follow the steps from there on. Once enabled, this feature is free on the provided development environment.

Working with Scopes

The allowed scopes are set during the creation process of an OAuth2 Client.

By default, our OAuth2 implementation adds the following built-in scopes:

• email: adds the email, emails and email_verified claims into the ID Token and the User Info.
• phoneNumber: adds the phoneNumber, phoneNumbers and phoneNumber_verified claims into the ID Token and the User Info
• roles: adds the roles claim into the ID Token and Access Token.
  • This will contain the roles returned by getRolesForUser
  • This only works if the UserRoles recipe is initialized
• permissions: adds the permissions claim into the ID Token and Access Token.
  • This will contain the list of permissions obtained by concatenating the result of getPermissionsForRole for all roles returned by getRolesForUser
  • This only works if the UserRoles recipe is initialized

Requesting Specific Scopes

The client can request specific scopes by adding scope query param to the Authorization URL. The requested scopes have to be a subset of what is allowed for the client, otherwise the authentication request will fail. By default all scopes are granted to the client.

Overriding granted scopes

If you want to manually modify the list of scopes that are granted to the client during the authentication flow you can do this by using overrides.

NodeJS

Important

For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.

GoLang

import OAuth2Provider from "supertokens-node/recipe/oauth2provider";

OAuth2Provider.init({
    override: {
        functions: (originalFunctions) => ({
            ...originalFunctions,
            getRequestedScopes: async (input) => {
                const originallyRequestedScopes = await originalFunctions.getRequestedScopes(input);
                const filteredScopes = originallyRequestedScopes.filter((scope) => scope !== "profile");
                return [...filteredScopes, "custom-scope"];
            },
        }),
    },
});

Python

caution

At the moment we do not have support creating OAuth2 providers in the Go SDK.

Other Frameworks

caution

At the moment we do not have support creating OAuth2 providers in the Python SDK.