Skip to main content

Scopes

When creating a new user session it is possible to specify what the user will be able to access during this session by requesting various scopes.

These are the scopes currently available:

  • openid (required), the users identity
  • email, the users email
  • profile, the user name
  • offline_access, provides a refresh token which is used to keep the user session open for longer than one day
  • vault:self, grants access to read the users entitlements

It is only possible to request the scopes that have been allowed for a specific client.