scope

From IndieWeb


In OAuth terminology, scope is a way to limit what parts of your account are accessible by third-party applications.

For example, you can choose to allow one application to read your basic profile info, while another application may be authorized to post on your behalf.

Micropub Scopes

Micropub clients use scopes to indicate what permissions they are requesting from Micropub servers, which will result in the user seeing the listed scopes in the authorization prompt. Clients and servers must agree on the names and expected behavior of a list of scopes in order to provide a consistent user experience among apps.

Listed below are the currently supported Micropub scopes across most clients and servers.

  • create - allows the client to create posts on behalf of the user
  • update - allows the client to edit existing posts
  • delete - allows the client to delete posts
  • media - allows the client to upload files to the media endpoint

These are distinct permissions, so e.g. granting a client only "create" scope means it will not be able to update or delete existing posts.

Most servers allow clients with the create scope to also upload to the media endpoint. The media scope can be used to let a client upload to the media endpoint without also being able to create posts.
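The rules above can be enforced on the server as a single deny-by-default check. The following is an added example, not code from any client or server listed on this page; the endpoint labels `"micropub"` and `"media"`, the function names, and the `accept_legacy` and `create_implies_media` switches are assumptions made for illustration. The optional "post" alias mirrors the behavior listed for one server further down this page.

```python
# Added example: scope enforcement for a Micropub server (illustrative, not a project's code).
REGISTRY = {"create", "update", "delete", "media"}  # the four scopes listed on this page
LEGACY_ALIASES = {"post": "create"}                 # assumption: opt-in alias for older clients


def parse_scope(scope_param):
    """Split an OAuth space-separated scope string into a set of granted scopes."""
    return set((scope_param or "").split())


def normalize(granted, accept_legacy=False):
    """Map legacy names to registry names and drop anything unrecognised."""
    out = set()
    for name in granted:
        if accept_legacy:
            name = LEGACY_ALIASES.get(name, name)
        if name in REGISTRY:
            out.add(name)
    return out


def required_scope(endpoint, action=None):
    """Return the registry scope a request needs, or None if it is not recognised."""
    if endpoint == "media":
        return "media"
    if endpoint == "micropub":
        # A Micropub request with no action creates a post. "undelete" is left
        # out because the registry on this page has no scope for it.
        return {None: "create", "update": "update", "delete": "delete"}.get(action)
    return None


def is_allowed(scope_param, endpoint, action=None,
               create_implies_media=True, accept_legacy=False):
    """Decide whether a token's scopes permit the request; unknown requests are denied."""
    granted = normalize(parse_scope(scope_param), accept_legacy)
    needed = required_scope(endpoint, action)
    if needed is None:
        return False
    if needed in granted:
        return True
    # "create" may also upload media on most servers; "media" alone never creates posts.
    return needed == "media" and create_implies_media and "create" in granted
```

Setting `create_implies_media=False` gives the stricter behavior where only an explicit "media" grant can reach the media endpoint.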

Use the sections below to document additional experimental scopes that software has implemented, and once there are two or more clients and servers that support the additional scopes, they can be added to the registry above.

Scopes supported by IndieWeb clients

  • Quill requests the "create" and/or "update" scope when authorizing it to create posts on your domain.
  • OwnYourGram requests the "create" scope when authorizing it to create photo posts on your domain.
  • Micropublish.net requests either the "post" scope or "create update delete undelete", letting the user choose.
  • Indigenous requests the "create", "update" and "delete" scopes when logging in to the app.
  • indiebookclub requests the "create" scope.
  • Indiepaper requests the "create", "update", and "save" scopes when logging in.

Scopes supported by IndieWeb servers

  • Known supports _____
  • The WordPress Micropub plugin supports _____
  • Aaron Parecki requires the "create" scope in order for a client to create new posts, "update" for updates, and "delete" for deletes. "media" for file uploads.
  • Pelle Wessman, using his micropub-to-github endpoint, requires the "create" or "post" scope for a client to give access, treating "create" as the preferred one
  • Sebastiaan Andeweg uses scopes "create", "update", "delete", "media" (for photo upload) and "media-plus" (for uploads without limitations on file extension)

Microsub Scopes

Microsub clients use scopes to indicate what actions they are requesting to be able to take on the user's account.

Main article: Microsub-spec#Scopes

Scopes used by Silos

GitHub

GitHub has defined many scopes for granting very granular permissions to applications. By default, applications can only read public profile info unless granted explicit scopes. Write access to any part of a user account must be explicitly authorized with one or more scopes such as "user", "repo", or "gist". Deleting repos requires a specialized scope as well.

See the full list of GitHub OAuth scopes.

Google+

Scopes that conform to the OpenID Connect standard have short names (profile, email and openid) that are not in the form of a URI. Google-specific scopes, on the other hand, are in the form of a URI, such as https://www.googleapis.com/auth/plus.login

See also: Authorization scopes
