Pragmatism in the real world

OAuth scopes vs user roles

There is a difference between scopes and roles.

A scope is an ability that the client requests; the user can then decide whether to authorise that client to do those things.

A role is the rights that a given user has within the application.

Scope examples are “read-name”, “read-address”, “read-email”, “write-all”, etc. Example roles might be “moderator”, “user”, “administrator”, etc., and they are used by the app to determine what the user can do regardless of which client the user is using to perform the action.

If a user authorises a client with only the “read-name” scope, and that client then tries to update the name, it will fail, regardless of whether the user’s role allows them to perform that functionality.
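An added example (not code from the original post) showing the two checks performed in sequence: the action table, role table and client names are constructed for illustration, using the scopes and roles mentioned above.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed: which scope a client must have been granted to perform each action.
ACTION_SCOPE = {
    "read_name": "read-name",
    "read_email": "read-email",
    "update_name": "write-all",
    "ban_user": "write-all",
}

# Constructed: which actions each role may perform within the application.
ROLE_ACTIONS = {
    "user": {"read_name", "read_email", "update_name"},
    "moderator": {"read_name", "read_email", "update_name", "ban_user"},
    "administrator": {"read_name", "read_email", "update_name", "ban_user"},
}


@dataclass(frozen=True)
class AccessToken:
    """What the API sees on a request: the client, the user and the scopes the
    user granted that client (hypothetical structure, not a real token format)."""
    client_id: str
    user_id: str
    role: str
    scopes: frozenset[str]


def check_access(token: AccessToken, action: str) -> tuple[bool, str]:
    """Returns (allowed, reason). The scope check runs first, so a client the
    user only trusted with "read-name" is refused before the role is consulted."""
    required_scope = ACTION_SCOPE[action]
    if required_scope not in token.scopes:
        return False, f"scope '{required_scope}' not granted to client '{token.client_id}'"
    if action not in ROLE_ACTIONS.get(token.role, set()):
        return False, f"role '{token.role}' may not perform '{action}'"
    return True, "ok"


if __name__ == "__main__":
    # An administrator who only authorised a client with "read-name" cannot
    # update the name through that client, whatever their role allows.
    admin_read_only = AccessToken("mobile-app", "alice", "administrator", frozenset({"read-name"}))
    print(check_access(admin_read_only, "update_name"))   # (False, "scope 'write-all' not granted ...")
    # A plain user who granted "write-all" is still stopped by their role.
    user_full = AccessToken("web-app", "bob", "user", frozenset({"read-name", "write-all"}))
    print(check_access(user_full, "ban_user"))            # (False, "role 'user' may not perform 'ban_user'")
```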

Thoughts?