Overview#

Scp (Scopes) Claim is described in OAuth 2.0 Token Exchange as an array of strings, each of which represents an OAuth Scope granted for the issued security token.

Each array entry of the claim value is a scope-token, as defined in Section 3.3 of OAuth 2.0 RFC 6749.

The following example illustrates the "scp" claim within a JWT Claims Set with four scope-tokens.

{
  "aud":"https://consumer.example.com",
  "iss":"https://issuer.example.com",
  "exp":1443904177,
  "nbf":1443904077,
  "sub":"dgaf4mvfs75Fci_FL3heQA",
  "scp":["email","address","profile","phone"]
}
OAuth 2.0 Token Introspection RFC 7662 defines the "scope" parameter to convey the scopes associated with the token.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 18-Mar-2017 15:06 by jim