ReachFive scope
In modern software architecture, different applications want to make use of existing resources when possible when it comes to user profiles and their associated data. However, we can’t just take the information without consent. This is where scopes come into play. In this case, we ask for authorization from the user to access agreed upon information. Upon agreement, the access token only contains those agreed-upon scopes and authorized data. The quote below comes directly from the RFC 6749 Protocol.
Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
The table below lists the ReachFive scopes.
List of scopes
You can define scopes in your ReachFive Console on both the First-party and Third-party Clients.
See Clients for more details on First-party and Third-party Clients. |
Scope | Description | ||
---|---|---|---|
|
Accesses geographical information (postal address, region, geolocation, etc.). |
||
|
Accesses email information (email addresses and their verification statuses). |
||
|
Allows access to user events.
|
||
|
Allows the privilege to update anything on the user’s profile. |
||
|
Allows access to Multi-factor Authentication (MFA) endpoints.
|
||
|
Allows right to request refresh tokens. |
||
|
Used to ask for an ID token. If no ID token exists, this is not returned. |
||
|
Access to phone information (phone numbers and their verification statuses). |
||
|
Accesses user’s personal information (gender, age, profile picture, etc.).
|
Custom scope
You can create a custom scope via the ReachFive Console. Go to Custom fields for more details.
. You can assign a custom scope to a custom field via the ReachFive Console. Go to . See
Custom scopes are only available to First-party and Third-party clients. If you’re using the Management API, you’re still able to retrieve custom fields regardless of the custom scope as it part of the standard response when retrieving user information. |