Default Scopes
In OAuth there is a concept of a default scope that the server can issue to the client when nothing else is requested.
This article describes how to use the default scope together with a set of default claims.
Default Scopes
In the Curity Identity Server, the default scope is defined as the empty string "". This means that the default scope is always present: every client always receives it, simply because any string contains the empty string "".
From a claims perspective, this means it's possible to define a set of claims that will always be issued and that, depending on the mapper, will be present in tokens for each client.
Default Claims
If there is a set of claims that should always be present for any client (if mapped), they can be considered default claims and mapped to the default scope.
The benefit of mapping claims to the default scope is that the client doesn't have to request any particular scope to receive these claims. They will never be forgotten.
Example
All APIs in the organization need the subscriber-id claim for any request being made on a user's behalf. Instead of adding subscriber-id to all scopes, the admin can add it to the default scope, and it will always be issued.
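The behaviour described above can be modelled in a few lines. The following is an added example, not code or configuration from the Curity Identity Server: the scope names other than the default scope, the claim names other than subscriber-id, the mapper contents and the client names are all constructed for illustration. It shows that subscriber-id reaches the access token whatever the client requests, and that it is absent from a token type the mapper does not map it into.

```python
# Added illustration: a simplified model, not Curity's implementation or configuration.
DEFAULT_SCOPE = ""  # per the article, the default scope is the empty string

# Constructed sample data: the claims each scope carries.
SCOPE_CLAIMS = {
    DEFAULT_SCOPE: {"subscriber-id"},
    "profile": {"name", "locale"},
    "orders": {"order-history"},
}

# Constructed sample mapper: the claims allowed into each token type.
CLAIMS_MAPPER = {
    "access_token": {"subscriber-id", "order-history"},
    "id_token": {"name", "locale"},
}

# Constructed sample requests: client -> (requested scope string, scopes it may use).
SAMPLE_REQUESTS = {
    "web-app": ("profile orders", ["profile", "orders"]),
    "batch-job": ("", []),
    "mobile": ("orders admin", ["orders"]),
}


def effective_scopes(requested, client_allowed):
    """Requested scopes the client is allowed to use, plus the default scope."""
    granted = set(requested.split()) & set(client_allowed)  # scope strings are space-delimited
    granted.add(DEFAULT_SCOPE)  # always present, even when nothing is requested
    return granted


def claims_for(requested, client_allowed, token_type):
    """Claims issued into one token type for a given scope request."""
    claims = set()
    for scope in effective_scopes(requested, client_allowed):
        claims |= SCOPE_CLAIMS.get(scope, set())
    return claims & CLAIMS_MAPPER.get(token_type, set())  # the "if mapped" condition


def missing_default_claims(requests, token_type):
    """(client, claim) pairs where a default claim is absent from the token type."""
    gaps = []
    for client, (requested, allowed) in requests.items():
        issued = claims_for(requested, allowed, token_type)
        gaps.extend((client, c) for c in SCOPE_CLAIMS[DEFAULT_SCOPE] - issued)
    return sorted(gaps)


if __name__ == "__main__":
    for name, (req, allowed) in SAMPLE_REQUESTS.items():
        print(name, sorted(claims_for(req, allowed, "access_token")))
    print(missing_default_claims(SAMPLE_REQUESTS, "id_token"))
```

A check like missing_default_claims is useful when an API depends on a default claim: it surfaces token types where the mapper silently leaves the claim out.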
Jacob Ideskog
Identity Specialist and CTO at Curity