scope

0 views
Skip to first unread message

Wong-Barnum, Mona

unread,
Apr 27, 2020, 6:08:40 PM4/27/20
to develope...@globus.org

I need some help understanding the Scope setting for Globus activation. I see a note at https://docs.globus.org/api/auth/developer-guide/#register-app that the Scopes field in the app registration is not being used. So should that field be set during the activation process via the https://auth.globus.org/v2/oauth2/authorize call? If yes, can you point me to some documentation on possible values and what they mean?

Mona

*********************************************
Mona Wong
Web & Mobile Application Developer
San Diego Supercomputer Center

"Humility is not thinking less of
yourself, it's thinking of yourself
less."
--- C.S. Lewis
*********************************************

Sam Claassens

unread,
May 4, 2020, 3:54:58 PM5/4/20
to develope...@globus.org
Hi,

Including the response for the discussion group as this was discussed out of channel.

--- 

Yes, at the moment the scopes provided during the client registration are not used, and are not related to the scopes requested during an authorize call.

When you call authorize, the scopes parameter specifies which scopes are needed by your application when accessing resources from another client. More information on /authorize can be found here: https://docs.globus.org/api/auth/reference/#user_authorization_and_authentication_with_oauth2oidc

If you are accessing Globus services, here is a list of some of the often-used Globus scopes:
  • Globus Auth scopes:
    • openid - Returns an ID token with the access token and allows access the /user_info endpoint - more information on that endpoint can be found at https://docs.globus.org/api/auth/reference/#oidc_userinfo_endpoint.
    • email - Returns email address for all returned identities (primary and linked) from /user_info and the ID token.
    • profile - Returns organization, name, identity provider information, and username for all identities (primary and linked) from /user_info and the ID token.
  • Globus Transfer scopes: 
    • urn:globus:auth:scope:transfer.api.globus.org:all - Access to all capabilities of the Globus Transfer service. This includes data transfer and sharing as well as task management. This scope is required to interact with the transfer service, as in https://docs.globus.org/api/transfer/overview/#overview
Regards,
Sam
--
 
Sam Claassens
Senior Software Engineer
Reply all
Reply to author
Forward
0 new messages