What scope should I use to allow a user to log in using OAuth and use all of the users privileges on a resource server?

Question

I have three servers: An application, a resource server, and an OAuth(/OpenID connect) server. The application is not a third-party application, so I want to be able to generate an access token that allows the application to log in as the user and grant the application all of the user's privileges.

Should the authorization server be responsible for holding the user's privileges, or the application?

What is the best way to create an access token that allows my application all of the privileges of the user, to interact with the resource server?

Gary Archer · Accepted Answer · 2022-01-28T14:13:38.023

1

Maybe have a look at these resources on authorization in APIs, which discuss both OAuth mechanisms and examples on how fields in business data are used. Post back with any follow up questions:

Preferably name scopes after areas of business data and operations on that data. Different systems thetefore design scopes differently.

edited Jan 28 '22 at 14:13

answered Jan 28 '22 at 14:05

Gary Archer

22,534
2
12
24

I saw that resource and it was very useful, especially the concept of "roles" – Tom McLean Jan 28 '22 at 15:04

What scope should I use to allow a user to log in using OAuth and use all of the users privileges on a resource server?

1 Answers1