ReachFive scope
In modern software architecture, different applications want to make use of existing resources when possible when it comes to user profiles and their associated data. However, we can’t just take the information without consent. This is where scopes come into play. In this case, we ask for authorization from the user to access agreed upon information. Upon agreement, the access token only contains those agreed-upon scopes and authorized data. The quote below comes directly from the RFC 6749 Protocol.
Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
The table below lists the ReachFive scopes.
List of scopes
You can define scopes in your ReachFive Console on both the First-party and Third-party Clients.
See Clients for more details on First-party and Third-party Clients. |
Scope | Description | ||
---|---|---|---|
|
Used to ask for an ID token. If no ID token exists, this is not returned. |
||
|
Accesses geographical information (postal address, region, geolocation, etc.). |
||
|
Accesses email information (email addresses and their verification statuses). |
||
|
Access to phone information (phone numbers and their verification statuses). |
||
|
Allows right to request refresh tokens. |
||
|
Accesses user’s personal information (gender, age, profile picture, etc.).
|
||
|
Allows the privilege to update anything on the user’s profile. |
||
|
Allows access to user events.
|
Custom scope
You can create a custom scope via the ReachFive Console. Go to
.You can assign a custom scope to a custom field via the ReachFive Console. Go to Custom fields for more details. | . See