Work with scopes


Supported scopes by grant and response types

The grant type and response type associated with an authorization request can determine which scopes the request is able to apply for.

Scopes and grant types

The following grant types provide support for the specified scope type:

  • client_credentials

    Allows only env administrator scopes. This grant type is used exclusively for non-interactive, privileged applications. Since there is no user interaction, user scopes are not supported.

  • authorization_code

    Allows only self user scopes. This grant type is used with web applications or native applications that support user interaction.

  • implicit

    Allows only self user scopes. The implicit grant is used with native applications or single-page mobile applications that support user interaction.

Scopes and response types

The following response types provide support for the specified scope types:

  • token

    If the grant type is client_credentials, the token response type supports only env administrator scopes.

    If the grant type is authorization_code or implicit, the token response type supports only self user scopes.

  • code

    Allows only self user scopes. This response type is used only with the authorization_code grant type for applications that support user interaction.

  • id_token

    If the grant type is authorization_code, the id_token response type supports only self user scopes.

    If the grant type is implicit, the id_token response type supports only openid user scopes to control the claims added to the ID token.
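
The two lists above combine into one matrix of grant type, response type, and supported scope class. The following is an added example, not code from the product, that checks a request against that matrix before it is sent. The scope names in the catalogue are constructed placeholders, `check_request` is a hypothetical helper, and only a single response type per request is handled because the page does not describe combined values.

```python
"""Pre-flight check of an authorization request against the grant/response-type scope matrix."""

# Scope classes as named on the page.
ADMIN, SELF, OPENID = "env administrator", "self user", "openid user"

# (grant_type, response_type) -> scope classes the page lists as supported.
ALLOWED = {
    ("client_credentials", "token"): {ADMIN},
    ("authorization_code", "token"): {SELF},
    ("authorization_code", "code"): {SELF},
    ("authorization_code", "id_token"): {SELF},
    ("implicit", "token"): {SELF},
    ("implicit", "id_token"): {OPENID},
}

# Constructed catalogue: placeholder scope names, not real scope identifiers.
SAMPLE_CATALOGUE = {
    "example:admin:read": ADMIN,
    "example:self:read": SELF,
    "example:openid:profile": OPENID,
}


def check_request(grant_type, response_type, scope, catalogue=SAMPLE_CATALOGUE):
    """Return a list of problems; an empty list means the request fits the matrix."""
    allowed = ALLOWED.get((grant_type, response_type))
    if allowed is None:
        return [f"response type {response_type!r} is not listed for grant type {grant_type!r}"]
    problems = []
    for name in scope.split():  # OAuth scope parameter is space-delimited
        scope_class = catalogue.get(name)
        if scope_class is None:
            problems.append(f"{name}: not in the scope catalogue")
        elif scope_class not in allowed:
            problems.append(f"{name}: {scope_class} scope, but only "
                            f"{', '.join(sorted(allowed))} scopes are supported")
    return problems


if __name__ == "__main__":
    # Constructed requests: (grant type, response type, scope parameter).
    for req in [
        ("client_credentials", "token", "example:admin:read"),
        ("client_credentials", "token", "example:self:read"),
        ("implicit", "id_token", "example:openid:profile example:self:read"),
        ("client_credentials", "code", "example:admin:read"),
    ]:
        print(req, "->", check_request(*req) or "ok")
```

Running the same check over an application's configured grant types and scopes is a quick way to spot a non-interactive client that has been given user scopes, or an interactive client requesting administrator scopes.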