Idea ID: 2783188

OAuth scope for client application

Status : Under Consideration
We want to be able to define a scope that is assigned to an attribute set and relate it to an individual registered client application.
Currently, every scope that is created for OAuth is accessible to all clients, and therefore we cannot restrict which attributes are sent to each client.
  • I created a cool solution that is related to this topic:
  • I second that: per-client OAuth scopes. We would like to define a scope for an internal OAuth client only, with user attributes that do not require user permission. This way the internal users would have a "seamless experience" and would not be confronted with additional permission dialogs. But currently all scopes defined in the NAM IDP OAuth Resource Server config can be accessed by all registered clients, including external ones that should not have access to those attributes, e.g. employeeNumber. I think it would be great to have finer control over which scopes an OAuth client can access.
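The control requested in the idea and in the comment above is a per-client scope allow-list on the authorization server, with each scope mapped to an attribute set and a consent flag. The following is an added illustration of that check, not code from NetIQ Access Manager or from the posters: the scope definitions, the client registry (`hr-portal`, `partner-app`), the `consent_required` flags and the sample user record are all hypothetical and constructed for the example. It fails closed on a scope the client is not entitled to (an `invalid_scope` error in RFC 6749 terms) rather than silently narrowing the grant, so a misregistered client is noticed instead of quietly receiving fewer attributes.

```python
"""Per-client OAuth scope allow-list (constructed example, not NAM code)."""

from dataclasses import dataclass

# Scope -> attributes it releases, plus whether the user must consent first.
# These definitions are hypothetical.
SCOPES = {
    "openid": {"attributes": ["uid"], "consent_required": False},
    "profile": {"attributes": ["cn", "mail"], "consent_required": True},
    "employee": {"attributes": ["employeeNumber", "department"], "consent_required": False},
}


@dataclass(frozen=True)
class Client:
    client_id: str
    allowed_scopes: frozenset  # the only scopes this client may ever request
    internal: bool = False


# Hypothetical client registry. Only the internal HR portal may request the
# "employee" scope; the external partner app is limited to openid/profile.
CLIENTS = {
    "hr-portal": Client("hr-portal", frozenset({"openid", "profile", "employee"}), internal=True),
    "partner-app": Client("partner-app", frozenset({"openid", "profile"})),
}

# Constructed sample user record, as an IdP would read it from the directory.
SAMPLE_USER = {
    "uid": "jdoe",
    "cn": "Jane Doe",
    "mail": "jdoe@example.com",
    "employeeNumber": "12345",
    "department": "R&D",
}


class ScopeError(ValueError):
    """Raised for an invalid_scope / invalid client condition."""


def denied_scopes(client_id: str, requested_scope: str) -> set:
    """Return the requested scopes this client is not allowed to use.

    Unknown scopes are also reported as denied, so a typo in a request can
    never grant more than the registry permits."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise ScopeError(f"unknown client {client_id!r}")
    requested = set(requested_scope.split())
    return (requested - set(SCOPES)) | (requested - client.allowed_scopes)


def authorize(client_id: str, requested_scope: str, user_attrs: dict) -> dict:
    """Evaluate an authorization request against the per-client allow-list.

    Returns the granted scope string, the scopes that still need a consent
    dialog, and the attributes that would be released as claims."""
    denied = denied_scopes(client_id, requested_scope)
    if denied:
        # Fail closed: the client asked for something it is not registered for.
        raise ScopeError(f"client {client_id!r} may not request {sorted(denied)}")
    requested = sorted(set(requested_scope.split()))
    consent_needed = [s for s in requested if SCOPES[s]["consent_required"]]
    released = {}
    for scope in requested:
        for attr in SCOPES[scope]["attributes"]:
            if attr in user_attrs:
                released[attr] = user_attrs[attr]
    return {"scope": " ".join(requested), "consent_needed": consent_needed, "claims": released}


if __name__ == "__main__":
    # Internal client: employeeNumber released, no consent dialog needed.
    print(authorize("hr-portal", "openid employee", SAMPLE_USER))
    # External client asking for the same scope is rejected outright.
    try:
        authorize("partner-app", "openid employee", SAMPLE_USER)
    except ScopeError as exc:
        print("rejected:", exc)
```

The `denied_scopes` helper is kept separate from `authorize` so the same allow-list can be applied at the token endpoint (a refresh or client-credentials request must not escape the restriction) and in the client-registration UI, which is where the idea asks for the scope-to-client binding to be configured.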