OAuth/OpenID Connect server: support of scopes?

[Guido Wimmel]

Hi,

we have evaluated the use of CAS 5 as an OAuth/OpenID connect server (we are
already using CAS successfully for Web authentication, so this could be a natural
extension).

The general OAuth/OpenID connect support works fine.

However, I understand that the OAuth server support (as described in
https://apereo.github.io/cas/5.0.x/protocol/OAuth-Protocol.html ) does
not (yet) include the handling of scopes (e.g. to control the consent approval view,
to control which services the user is allowed to access, to control which OIDC attributes
are returned, to possibly store approvals / allow revocation of approvals).

Are there any experiences in extending CAS to handle OAuth scopes?
Are there plans to extend the general OAuth/OpenID support in this direction?

Thanks in advance, best regards,
Guido

[Misagh Moayyed]

Are there any experiences in extending CAS to handle OAuth scopes? 
Are there plans to extend the general OAuth/OpenID support in this direction? 

There could be plans, starting from a simple github issue to tackle the case. If that’s something you are interested to work on, by all means.

For now, I suppose access and attribute release are done through normal CAS machinery that does all else.