Identity Provider Scopes
- Environmental Variable: IDP_SCOPES
- Config File Key: idp_scopes
- Kubernetes: see identityProvider.scopes
- Type: list of string
- Default: openid,profile,email,offline_access (typically)
- Optional for built-in identity providers.
Identity provider scopes correspond to access privilege scopes as defined in Section 3.3 of the OAuth 2.0 specification, RFC 6749. The scopes associated with access tokens determine which resources are available when those tokens are used to access OAuth 2.0 protected endpoints.
Danger: If you are using a built-in provider, you probably don't want to set customized scopes.
Danger: Some providers, like Amazon Cognito, do not support the offline_access scope.
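A pre-deployment check for a customized scope list, as an added example that is not part of the original documentation: it validates each entry against the scope-token grammar in RFC 6749 Section 3.3, flags offline_access for a provider that does not support it, and reports scopes beyond the default so a broader grant is a deliberate choice. Assumptions: the IDP_SCOPES value is comma-separated, "cognito" is the provider identifier, and the function names are hypothetical.

```python
import re

# scope-token grammar from RFC 6749 Section 3.3: 1*( %x21 / %x23-5B / %x5D-7E )
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

# Default scope list as given on this page.
DEFAULT_SCOPES = ["openid", "profile", "email", "offline_access"]

# Providers the page says do not support offline_access.
# The identifier string "cognito" is an assumption.
NO_OFFLINE_ACCESS = {"cognito"}


def parse_scopes(raw):
    """Split an IDP_SCOPES value (assumed comma-separated) into a list."""
    return [s.strip() for s in raw.split(",") if s.strip()]


def lint_scopes(scopes, provider):
    """Return a list of findings for a configured scope list."""
    findings = []
    seen = set()
    for s in scopes:
        if not SCOPE_TOKEN.fullmatch(s):
            findings.append(f"invalid scope-token: {s!r}")
        if s in seen:
            findings.append(f"duplicate scope: {s}")
        seen.add(s)
    if "offline_access" in seen and provider.lower() in NO_OFFLINE_ACCESS:
        findings.append(f"{provider} does not support offline_access")
    # Anything outside the default widens what the access token can reach.
    extra = sorted(seen - set(DEFAULT_SCOPES))
    if extra:
        findings.append("scopes beyond the default: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        ("cognito", "openid,profile,email,offline_access"),
        ("cognito", "openid,profile,email"),
        ("example", 'openid,email,"admin",email'),
    ]
    for provider, raw in samples:
        print(provider, raw, "->", lint_scopes(parse_scopes(raw), provider))
```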