concept for everyone
- security
- web
Oauth Scope
The list of permissions an app is asking for when you click 'Allow access'
The list of permissions an app is asking for when you click 'Allow access'
~90s clip · curated window
open on youtube ↗
Key points
- 01 A scope is one item on the permission list an app asks you to approve.
- 02 When you click 'Allow access', you're approving exactly the scopes shown — nothing else.
- 03 Common scopes: `email`, `profile`, `read:files`, `write:posts`.
- 04 Scopes are *requested* by the app and *granted* by you on the consent screen.
- 05 The access token the app receives is stamped with the granted scopes.
- 06 If the app tries to do something outside its scopes, the API rejects the call.
- 07 Scopes are how OAuth keeps third-party apps from getting more access than they need.
Visual
sequenceDiagram participant U as You participant A as App participant P as Provider (e.g. Google) A->>P: Request access with scopes [email, profile] P->>U: 'App wants: email, profile — Allow?' U->>P: Allow P->>A: Access token (scoped to email, profile) A->>P: API call with token P->>A: Data — only the scoped fields
Book a tutor
15-min live
Book — $25David Reinhardt
Auth, OAuth, identity systems
Placeholder profile — real tutor coming soon
Related concepts
Discussion
Comments are powered by Giscus on the project's GitHub Discussions. They'll activate once we enable Discussions on the repo.
Until then, file an issue with feedback.
Contributors
Humans who shaped this entry in the open registry.
- betty