OAuth Scopes

OAuth scopes let you specify exactly how your app needs to access data. As an app developer, you specify your desired scopes in the initial OAuth authorization request. In some cases, the requested scopes are displayed to the user when they are asked to approve your OAuth request.

When you create a service that obtains an access token through the client credentials flow, the scopes associated with the client are granted automatically.

Data access limitations

The access your client can have on the data is limited by several parameters:

  • The client roles
  • The authenticated user
  • The client scopes

How are scopes defined

InfoFlora scopes name the resource they grant access to, followed by the class of actions they allow on that resource (e.g. file:write). Some scopes also take an optional modifier, which narrows the range of actions the scope allows on the resource.

The list of resources includes observation, validation, user, along with many other resources.


Existing scopes

Scopes are granted to OAuth clients and allow applications to perform various operations on data.

Scope                           Description
community:read                  Allows reading information about communities
community:write                 Allows creating and updating information about communities
document:read                   Allows reading documents
document:write                  Allows creating and updating documents
florid:read                     Allows reading FlorID identifications
invitation:read                 Allows reading invitation information
invitation:write                Allows creating and updating invitation information
mission:read                    Allows reading mission information
mission:write                   Allows creating and updating mission information
observation:read                Allows reading observation information
observation:write               Allows creating and updating observation information
observation:write:flags         Allows updating observation flags
observation:validate            Allows performing validation actions on observations
observation:moderate            Allows moderating validation conflicts on observations
policy:read                     Allows reading access policies
policy:write                    Allows creating and updating access policies
project:read                    Allows reading project information
project:write                   Allows creating and updating project information
regioflora:write                Allows creating and updating regioflora information
releve:read                     Allows reading releve information
releve:write                    Allows creating and updating releve information
station:read                    Allows reading station information
station:write                   Allows creating and updating station information
statistic:read                  Allows reading statistics
user:read                       Allows reading user information
user:read:people                Allows accessing people information
user:read:observation-rights    Allows reading user rights on observations
user:write                      Allows updating user information
validation:read                 Allows reading validation information
validation:read:status          Allows reading validation statuses
validation:write                Allows creating and updating validation information
validation:write:observations   Allows notifying validation of observation changes
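
The resource:action[:modifier] format described above can be checked mechanically on the client or in a gateway. The following is an added example, not InfoFlora code: the function names are hypothetical, and the rule that an unmodified scope covers its modified variants is an assumption drawn from the statement that a modifier narrows a scope.

```python
# Added example: scope names come from the table on this page; the coverage
# rule in covers() is an assumption, not documented InfoFlora behaviour.
from typing import NamedTuple, Optional

KNOWN_SCOPES = {  # subset of the table above, enough for the demo
    "observation:read", "observation:write", "observation:write:flags",
    "user:read", "user:read:people", "validation:read", "validation:read:status",
}

class Scope(NamedTuple):
    resource: str
    action: str
    modifier: Optional[str] = None

def parse_scope(text: str) -> Scope:
    """Parse 'resource:action' or 'resource:action:modifier'; reject anything else."""
    parts = text.split(":")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed scope: {text!r}")
    if text not in KNOWN_SCOPES:
        raise ValueError(f"unknown scope: {text!r}")
    return Scope(*parts)

def covers(granted: Scope, required: Scope) -> bool:
    """Assumed rule: resource and action must match exactly (write does not
    imply read); an unmodified grant covers every modifier, a modified grant
    covers only that exact modifier."""
    if (granted.resource, granted.action) != (required.resource, required.action):
        return False
    return granted.modifier is None or granted.modifier == required.modifier

def is_allowed(token_scope: str, required: str) -> bool:
    """token_scope is the space-delimited 'scope' value of a token (RFC 6749)."""
    need = parse_scope(required)
    granted = []
    for item in token_scope.split():
        try:
            granted.append(parse_scope(item))
        except ValueError:
            continue  # fail closed: unrecognised scopes grant nothing
    return any(covers(g, need) for g in granted)
```

Requesting observation:write:flags instead of observation:write keeps a client that only toggles flags from being able to create or edit observations.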