OAuth Scopes
OAuth scopes let you specify exactly how your app needs to access data. As an app developer, you specify your desired scopes in the initial OAuth authorization request. In some cases, when a user is responding to your OAuth request, the requested scopes will be displayed to them when they are asked to approve your request.
When creating a service that obtains an access token through the client credentials flow, the scopes associated with the client are granted automatically.
Data access limitations
The access your client can have on the data is limited by several parameters:
- The client roles
- The authenticated user
- The client scopes
How are scopes defined
InfoFlora uses scopes that refer to the resource they grant access to, followed by the class of actions on that resource they allow (e.g. file:write). Additionally, some scopes may have an optional modifier, which narrows the range of actions the scope allows on the resource.
The list of resources includes observation, validation, user, along with many other resources.
[resource]:[action]:[modifier]
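
The scope format above lends itself to a strict parser and a fail-closed check of required scopes against granted ones. The following is an added example, not InfoFlora's own code: the function names, the allowed character set and the optional `hierarchical` rule (an unmodified scope covering its modified variants) are assumptions, since the page does not state how the server compares scopes.

```python
import re
from typing import NamedTuple, Optional

# Shape from the page: [resource]:[action]:[modifier], modifier optional.
# The character set is an assumption drawn from the scopes listed on this page.
_SCOPE_RE = re.compile(r"([a-z]+):([a-z]+)(?::([a-z-]+))?")


class Scope(NamedTuple):
    resource: str
    action: str
    modifier: Optional[str] = None


def parse_scope(token: str) -> Scope:
    """Parse one scope token; reject anything that is not resource:action[:modifier]."""
    m = _SCOPE_RE.fullmatch(token)
    if m is None:
        raise ValueError(f"malformed scope: {token!r}")
    return Scope(*m.groups())


def parse_scope_string(value: str) -> set:
    """Parse a space-delimited scope string as defined in RFC 6749, section 3.3."""
    return {parse_scope(t) for t in value.split()}


def covers(granted: Scope, required: Scope, hierarchical: bool = False) -> bool:
    """Exact match by default (fails closed).

    hierarchical=True is an assumption, not documented behaviour: an unmodified
    scope also covers its narrower modified variants, never the reverse.
    """
    if granted == required:
        return True
    same_base = granted[:2] == required[:2]
    return hierarchical and same_base and granted.modifier is None


def missing_scopes(granted: set, required: list, hierarchical: bool = False) -> list:
    """Return the required scope tokens that no granted scope covers."""
    return [r for r in required
            if not any(covers(g, parse_scope(r), hierarchical) for g in granted)]
```

Running `missing_scopes` over the scopes a client actually uses, before registering it, shows whether a narrower scope such as observation:write:flags is enough instead of the full observation:write.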
Existing scopes
Scopes are granted to OAuth clients and allow applications to perform various operations on data.
Scope | Description |
---|---|
community:read | Allows reading information about communities |
community:write | Allows creating and updating information about communities |
document:read | Allows reading documents |
document:write | Allows creating and updating documents |
florid:read | Allows reading FlorID identifications |
invitation:read | Allows reading invitation information |
invitation:write | Allows creating and updating invitation information |
mission:read | Allows reading mission information |
mission:write | Allows creating and updating mission information |
observation:read | Allows reading observation information |
observation:write | Allows creating and updating observation information |
observation:write:flags | Allows updating observation flags |
observation:validate | Allows performing validation actions on observations |
observation:moderate | Allows moderating validation conflicts on observations |
policy:read | Allows reading access policies |
policy:write | Allows creating and updating access policies |
project:read | Allows reading project information |
project:write | Allows creating and updating project information |
regioflora:write | Allows creating and updating regioflora information |
releve:read | Allows reading releve information |
releve:write | Allows creating and updating releve information |
station:read | Allows reading station information |
station:write | Allows creating and updating station information |
statistic:read | Allows reading statistics |
user:read | Allows reading user information |
user:read:people | Allows accessing people information |
user:read:observation-rights | Allows reading user rights on observations |
user:write | Allows updating user information |
validation:read | Allows reading validation information |
validation:read:status | Allows reading validation statuses |
validation:write | Allows creating and updating validation information |
validation:write:observations | Allows notifying validation of observation changes |