Client credentials flow - Assign scope to application

lmirabal · July 22, 2020, 9:37am

I’m trying to implement a client credentials authorisation flow and need to assign different scopes to different applications (service - machine to machine). Not all should be able to see the same data. For example, an internal service can have admin access but an external one would have only read access.

I can see I can add custom scopes to the authorization server but haven’t found a way to link the new scope to certain applications.

Any help is appreciated.

phi1ipp · July 22, 2020, 4:09pm

in the authorization server policy you can specify who can obtain which scope based on the information available, this way you can prevent your clients from obtaining an access token for a required scope. Then it’s a task for your service applications to verify the token presented to them to grant/deny an operation requested from a client

Post		Replies	Views
Client credentials flow - Difficulty in linking together Authorization Servers to Applications to Custom Scopes OAuth/OIDC	2	2483	February 13, 2024
Client Credentials Flow with different application types Questions	2	2691	April 9, 2022
GroupsVsScope association in Client credential workflow Questions	9	3668	April 15, 2021
API custom scope scalability OAuth/OIDC api , oauth	2	61	March 20, 2025
Implementing Client credential flow OAuth/OIDC api	4	5821	December 2, 2022

Client credentials flow - Assign scope to application

Related topics